Closed aaversa closed 1 week ago
Check caching on your web server, proxies, CloudFlare, etc.
It was not a caching issue - the problem was this line in session.php:
'secure' => env('SESSION_SECURE_COOKIE', false),
As written, login pages could not be accessed via https, users had to use http (not intuitive). Once we knew this we were able to have people switch to http and things worked fine.
Can you add this to the documentation?
How to reproduce the issue?
1) Set APP_URL
to use HTTPS: https://mysite.com
in the .env file and clear cache.
2) Set SESSION_SECURE_COOKIE=true
in the .env file and clear cache.
3) ...
The repro was a completely clean install, no changes to session.php.
Set app url - https://mysite.com
Create new user. User opens invite email. They immediately see the activity timeout error.
User manually goes to http://mysite.com/login - can use reset password from here.
We can't reproduce the issue. The problem may be in your web server or HTTPS configuration.
Can you help diagnose it more? This is just a regular server and we don't have any kind of unusual configuration. After attempting an update this is now happening to me constantly.
The only way to figure it out is to investigate on your server. You can email us at support@freescout.net or try https://github.com/freescout-helpdesk/freescout/wiki/Hire-Developer
I just re-installed Freescout on my server (PHP 7.4) and invited several users. One of the users, who has never visited the site before, attempted to access the link he received, which was in the format:
https://mysite.com/user-setup/longStringOfCharactersHere
As soon as he clicks on the link, he receives the following error:
"The page has expired due to inactivity. Please refresh and try again."
He has tried refreshing, no good.
Every other user I've invited reports the same thing, across multiple browsers, OS and computers.
Why would this be happening?
EDIT: If users instead visit https://mysite.com/ and trigger a password reset, they CAN log in this way. But this is still bizarre.