Forums | Mahara Community

Support /
Mahara forces me to login everytime I change page


anonymous profile picture
Account deleted
Posts: 7

04 October 2013, 2:50

I've found this solution in the QA section of the administrators guide:

Q: Every page I go to, Mahara wants me to log in again!

A: There's two possibilities:

  1. You could have set up a Server Alias for Mahara. This is a mistake.People use ServerAlias to make their sites respond to both example.org and www.example.org. The problem with this, in the context of Mahara, is that Mahara has a wwwroot setting which is where it expects to be run from. That is, Mahara expects to always be run from exactly the same domain name.This is for a couple of reasons. Firstly, SSL keys for MNET are generated by hostname, so having your site respond on more than one hostname means that MNET communications on the other hostnames will break - leading to an inconsistent "flaky" MNET experience for your users. Secondly, cookies can be set for just the one domain, preventing the issue where you log in at www.example.org then end up on example.org, not logged in.You can still provide any number of aliases - but you should do it with an extra VirtualHost instead of many ServerAliases. Here is an example of how to do it right:
ServerName example.org
# Definitely, absolutely, NO ServerAliases in here
DocumentRoot /path/to/mahara/htdocs

ServerName www.example.org
# NOTE: ServerAliases are OK in this vhost block - if a client hits
# any host in this block they'll be redirected to the "main" wwwroot
ServerAlias mahara.example.org
Redirect permanent / http://example.org/
  1. Another possibility (less likely) is that you have specified your dataroot incorrectly. Dataroot is an absolute path relative to the filesystem. It is NOT a URL, or part of one. It will also NOT work if it is a relative path.To work out where on the filesystem your Mahara is installed, if you can't find it some other way (like FTP), put a line in index.php like echo getcwd();.Your dataroot path then needs to be placed according to the normal rules, as documented in config-dist.php.

 

but don't know where or how to enter this code.

Can anyone provide more step by step instructions?

Thanks,

Ed

Aaron Wells's profile picture
Posts: 896

04 October 2013, 13:17

Hi Ed,

The code snippet there is part of an Apache web server configuration file. It only applies if you're running your own web server (not using a "shared hosting" environment where you just upload files), and it's optional -- it's meant to be an illustration of the correct way to use ServerAlias, as a counterpoint to someone using it incorrectly.

If you are running your own Apache server, the exact location of the configuration file this goes in will depend on your operating system and how your Apache is configured already. On a typical Ubuntu Linux installation, the Apache configuration files are under /etc/apache2 , with a separate configuration file for each "site" under /etc/apache2/sites-enabled . You could look in that directory to see if there's a file for your Mahara site, and if there is, check to see if it has a ServerAlias directive in it which doesn't look like it's being used as in the example snippet.

Apache has a pretty thorough manual, but it can be a little intimidating if you're new to the stuff. Here's their description of what ServerAlias does: http://httpd.apache.org/docs/2.2/mod/core.html#serveralias

What I would recommend you to do is:

1. As I mentioned above, if you're running your own Apache server, locate your sites' config file and see if there's a ServerAlias directive in there, in which case point 1 in the advice you posted applies.

2. Check that you've specified your dataroot correctly. Look in your Mahara site's "config.php" file, and find the line that specifies $cfg->dataroot = "/some/path". As it says in the second bit of advice you posted, make sure that the $cfg->dataroot is a filesystem path to a directory that exists, is outside of your web directory, and is owned and read-write-executable by the user that Apache runs as.

Cheers,

Aaron

anonymous profile picture
Account deleted
Posts: 7

08 October 2013, 0:58

Thanks Aaron,

I've made sure the webroot and dataroot specified in config_php are correct. My first attempt ata specifying the webroot somehow caused the dataroot to be moved to the public folder but I think I've got it correct now. The webroot is in public_html and the data root is one level up so hopefully there is no security problem. Everything is working very smoothly (so far).

The only thing I haven't managed to do is reset PHP session.entropy_length to 16. Can't seem to find where I'm supposed to change the setting in the init.php file.

Thanks again,

Ed

Aaron Wells's profile picture
Posts: 896

08 October 2013, 10:55

Hi Ed,

I'm glad to hear you got it sorted. Smile

Regarding your dataroot, if you mean that it is the *parent* directory of the web root, that's not a great idea. On the other hand, if you mean it's a sibling of the web root, that's probably fine. In other words:

$cfg->docroot = '/path/to/my/docroot';

BAD: $cfg->dataroot = '/path/to/my';

OKAY: $cfg->dataroot = '/path/to/my/dataroot';

The reason being that Mahara arbitrarily creates files and directories inside the dataroot directory, and so if your web root (aka $cfg->docroot) sits inside the dataroot, there's a slim chance Mahara could try to overwrite it.

Regarding session.entropy_length, here's some advice about that: https://wiki.mahara.org/index.php/System_Administrator%27s_Guide/Installing_Mahara/Troubleshooting#Q:_I_see_.22Your_PHP_session.entropy_length_setting_is_too_small._Set_it_to_at_least_16_in_your_php.ini_.5B....5D.22

Cheers,

Aaron

4 results