Closed loqus closed 2 months ago
First of all I would not use getenv()
to fetch the ENV variables, but use Craft's built in helper:
use craft\helpers\App;
App::env('SECURITY_KEY')
This error mainly stems from the fact your security couldn't be read, or is invalid. Have you tried out dumping to see if getenv()
actually returns the correct value in your config?
Normally you shouldn't need to touch variables_order.
Are you sure securityKey =>
is loaded in all environments, and not on a specific one?
Thanks for your feedback. getenv('SECURITY_KEY') returns the right value, but I've replaced it with your suggestion. 'securityKey' => App::env('SECURITY_KEY'),
This is loaded in the return [ // Global settings '*' => [ ..... 'securityKey' => App::env('SECURITY_KEY'), ...... ] ] The error remains in the logs
Ps this error only shows in the phperrors log when devmode is false and the url does not exists. All found urls and routes just work fine.
Is a SECURITY_KEY
environment variable actually defined? You can be 100% sure by going to Utilities → PHP Info and searching for SECURITY_KEY
.
Craft 4+ installs will have CRAFT_SECURITY_KEY
by convention, so check if that’s what’s actually getting defined. If you have that, you will be able to safely remove the securityKey
config setting from general/config.php
as CRAFT_*
environment variables will get set to their corresponding config settings automatically – see Environment Overrides.
Yes the environment value can be found in Utilities->PHP Info (as environment $_SERVER and $_ENV variable). I've added the CRAFT_SECURITY_KEY and the error has dissappeared. I think it might be related coming from V2 all the way to almost V5 and missing some steps between versions. Thanks for guiding me.
What happened?
Description
I moved a server from CentOS to Ubuntu 22 and I got this error in my logs.
It seems to be related to yii\web\User or getting the cookies At first an error was shown to come from Blitz (CacheRequestService.php $user = Craft::$app->getUser()->getIdentity();) but after commenting those parts out it resulted in the above ^^
The security key is set in the .env and in general.php it's set like this:
I found one possible solution to edit the php.ini and set the variables_order = "GPCS" to variables_order = "EGPCS" In order to load the env first, but that didn't work out.
I also tried to set the cookieValidationKey manually as key in Helpers/App.php, but that also didn't work
I'm a bit clueless in how to solve this. The site operates as normally in devmode and Blitz cache enabled except for the pages that are not found
Craft CMS version
Pro 4.9.7
PHP version
8.2.20
Operating system and version
Ubuntu 22
Database type and version
MariaDB 10.6.16
Image driver and version
Imagick 3.7.0 (ImageMagick 6.9.11-60)
Installed plugins and versions
-Blitz