CiviCRM Community Forums (archive)

OK... so I've been trying to solve this for awhile. And, I can get to all other sections of CiviCRM with NO problem except Administer CiviCRM!
Problem: Upon Login to backend and selecting Components>CiviCRM>Administer CiviCRM, I get thrown back out to the back-end login panel with an "Invalid Session" error.

Set-up:
Joomla! 1.0.15 Stable
PHP ver: 5.2.5
WebServer: Apache/2.2.8
DB version: 5.0.45
PHP built on: Linux
Joomla! Register Globals Emulation: Off
Register Globals: Off
Magic Quotes: On
Safe Mode: Off
File Uploads: On
Session auto start: Off
Session save path: /tmp


- - - - -
Here's my frontend functionality set-up in index.php:
// mainframe is an API workhorse, lots of 'core' interaction routines
// These first two lines are needed for proper function of CiviCRM at the frontend
session_name( md5( $mosConfig_live_site . '_frontend' ));
session_start();
$mainframe = new mosMainFrame( $database, $option, '.' );
$mainframe->initSession();
- - - - -
Below, I'm using "mysite" and "joomla" as replacements for the main directory and subdirectory names where Joomla! is installed.

Here's the configuration.php livesite URL:
$mosConfig_live_site = 'http://www.mysite.com/joomla';

- - - - -
Here's the BASEURL info in…
ftp.mysite.com>public_html>joomla>administrator>components>com_civicrm>civicrm_settings.php

define( 'CIVICRM_UF_BASEURL'      , 'http://www.mysite.com/joomla/administrator/' );

- - - - -
And, here's the BASEURL info in…
ftp.mysite.com>public_html>joomla>components>com_civicrm>civicrm.settings.php

define( 'CIVICRM_UF_BASEURL'      , 'http://www.mysite.com/joomla/' );


I posted a very similar question earlier and Father Shawn responded that "a very common cause of such problems lies with the server set-up.  The location in the file system where php saves session data must be "writeable" by the user that "owns" the php script." He then suggested I ask the hosting company to check this. But, isn't "writeability" noted in the "System" in the "Directory Permissions" listing in the back-end? Everything is "Writeable."

Once again, thank you in advance for any assistance!
nuMedia

Hi Kurund,

Thank you for your reply.

My Global Settings > Resource URLs are...
CiviCRM Resource URL: http://www.mysite.com/joomla/administrator/components/com_civicrm/civicrm/

and

Image Upload URL: http://www.mysite.com/joomla/media/civicrm/persist/contribute/

Force Secure URLs (SSL)'s radio button is selected.

One added information point... I DO have Joomla! installed in a subdirectory (I'm calling it "joomla" above) since this is a site for a client and it's still in development. However, the SSL certificate was issued to www.mysite.com — and not www.mysite.com/joomla. Could this be part (or all) of the problem? My thinking is that the SSL applies to all directories and files under the main domain name but, perhaps, CiviCRM is more sensitive. This whole "Invalid Session" - need to login multiple times problem began after the installation of the SSL Certificate.

Again, thank you for any assistance,
nuMedia

Can you unselect this – Force Secure URLs – and check if it solves your problem ?

Yes, Kurund, I did this, logged out and back in again, and NO "Invalid Session"! Hooray!

I then "Previewed" the site, activated the "Donate Now!" page (which came up as http://) and then added an "s" to make it https://(Donate Now!) page and it appears that the SSL certificate is in effect and working. The URL address (in Firefox) changes to a yellow background and I see the LOCK in the browser footer. But, of course, without 'Force Secure URLs" activated, linking to this page will not, by default, appear secure.

Just to throw another wrench into the pile...
another problem I am having after getting to the https://(Donate Now!) page (with 'Force Secure URLs enabled) is if I click any other menu link, the 'https' does not release. I've searched for a solution for this and found the discussion at http://forum.civicrm.org/index.php/topic,1692.0.html but haven't tried any of the solutions suggested by either "acrosman" or "chrism" hoping against hope that this problem would be solved when the "Invalid Session" problem was solved.

Uh oh, that non-release of https is STILL happening even with 'Force Secure URLs' disabled.

Do those two information points relate?... and help with a diagnosis?

Thanks again for your responses and patience,
nuMedia