CiviCRM Community Forums (archive)

We upgraded a site from 2.0 to 2.2 and the upgrade appeared to have gone smoothly. However, we soon found that editing a contact would result in an immediate logout of the user doing the edit when the changes were saved. Most CiviCRM forms behaved fine, but the contact edit screen consistently resulted in a logout.

After some time debugging, I identified that we were hitting some limits in Suhosin, triggering its security mechanisms. Suhosin allows you to configure a maximum number of variables to be submitted in $_REQUEST or $_POST, and the syslog showed that it was dropping variables when we exceeded that limit.

Our server is a fairly stock Debian and Suhosin's config was pretty much just the system defaults.

The fix was to add the following lines to /etc/php5/conf.d/suhosin.conf:

suhosin.request.max_vars=0
suhosin.post.max_vars=0

NB: Initially, I had these set to 500 - but I still ran into suhosin's limits! I find it hard to believe that CiviCRM is really generating >500 fields on the contact edit screen - but removing that particular limit seems to have cleared it up, anyway.

then apache2ctl graceful ...

Previously the values were defaulting to 200 and 200. It may be that in 2.2 there are a few extra contact details added which tipped us over the limit. Anyway, thought this one might catch someone else out if they have Suhosin enabled and a fairly stock config. (And maybe tons and tons of custom data fields, like we do!)

Hope this helps someone else out there