New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve error message when login fails #14192
Comments
@Findus23 a new FAQ sounds good 👍 Could you maybe suggest a question and answer text for this? (then we could maybe add a brief link to this new faq in the error message). |
This improvement will be great. we get this report a few times per month. |
This error can occur when you were previously logged into Matomo over HTTPS and are now logging in over HTTP. This is due to the fact the Matomo sets the "secure" cookie flag when you login over HTTPS which causes form security to fail when you go back to HTTP. We can create a new FAQ with the above reasons, as well as any other reasons so that users can click on the link to find solutions rather than needing to search for the error message. |
It's really annoying that there are no answers to this. My site has always had ssl from the beginning and this is my fourth time installing matomo because of this issue. I've even connected it to cloudflare to make sure https is working and included the ; Uncomment line below if you use CloudFlare |
I'm hitting this issue right now with Matomo behind AWS CloudFront. When I print out headers in a temporary PHP file, I can see various headers
I dont see the console log error about cookies, and I can see a cookie being set (and seen in the above headers)
The temporary php file I use to collect this is the content below in a headers.php in the root of my site. This allows me to see exactly the headers PHP is seeing.
I still can't work out why I still see the Error Any suggestions? or troubleshooting advice? Some other references |
I think this is related to this PR: #18051. Once that PR is ready to go, I can document this in the FAQ. |
Draft FAQ document, here 😃 |
👍 made a few tweaks. Few parts may be bit technical or it won't be clear how to do them but it's better than nothing and otherwise we have to go into heaps of details. From my perspective sounds good to publish for now. @Findus23 did you want to have a read too? |
sounds good @peterhashair feel free to publish and we can tweak afterwards if needed |
The FAQ is pretty easily readable. Of course the issue on how to "check your Matomo setup" still remains as there are no real logs about this. But nevertheless this is a good improvement. |
#12208 improved the security of Matomo sessions, but it also seems to have caused some (broken) environments that formerly worked to fail with the
Form security failed
error.At the moment the error mentions four suggestions:
But there seem to be more reasons that can cause this bug:
https://forum.matomo.org/t/cant-login-after-fresh-and-successfull-install-behind-proxy-3-8-1/32006
(reverse proxy blocked the cookie header)
https://forum.matomo.org/t/cannot-login-after-3-7-to-3-8-1-update/31969?u=lukas
https://forum.matomo.org/t/update-to-3-8-0-problems/31336/10?u=lukas
https://forum.matomo.org/t/2-problems-with-matomo/31434/9?u=lukas
Unfortunately it is hard to know what exactly is causing the issue in the latter cases, so maybe just a FAQ that lists common reason could already help.
The text was updated successfully, but these errors were encountered: