I have Piwik behind a load balancing proxy and am using the database for session storage. My
config.ini.php contains the following important bits:
[General] force_ssl = 1 assume_secure_protocol = 1 session_save_handler = "dbtable" force_ssl_login = 1 proxy_client_headers = "HTTP_X_CLUSTER_CLIENT_IP" trusted_hosts = "analytics.domain.tld"
However, I would continually get an error about Form Security. Commenting out the 4 lines referenced in this forum post resolved the problem for me. This was brought up June 2013 and a reference was made to use paid Piwik support, but I believe this is a bug. If you're using multiple servers you cannot use PHP's file-base session storage and must use a central system, like a database.
If I un-comment those lines in the Session.php file then the DB sessions don't work. Are you sure that after commenting those lines you're still using DB session?
I didn't check the DB table but it turned out not to work anyway as I discovered the next day (my initial test was in haste). But, I am definitely not able to use DB sessions with proxy; I ended up changing it to a single server with no proxy. Instead of closing this, I'm willing to help troubleshoot this configuration to get it working as expected if you are too. Thanks.
Ok please create a new issue with possible steps to reproduce if you can, if there is a bug in piwik in this configuration then it would be nice to solve it :+1: