<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Brad,<br>
<br>
Yes. On CentOS or RedHat (or other RPM-based distros), the files are
here:<br>
<tt> /etc/httpd/conf.d/zendto.conf</tt><tt><br>
</tt><tt> /etc/httpd/conf.d/zendto-ssl.conf</tt><tt><br>
</tt><br>
On SuSE-based distributions (SLES and openSUSE), the files are here:<br>
<tt> /etc/apache2/vhosts.d/zendto.conf</tt><tt><br>
</tt><tt> /etc/apache2/vhosts.d/zendto-ssl.conf</tt><br>
<br>
They need exactly the same fix the "Header edit" line.<br>
<br>
I have already updated the Installer, so if anyone downloads the
installer from now on, they won't hit this bug.<br>
<br>
Cheers,<br>
Jules.<br>
<br>
<div class="moz-cite-prefix">On 31/08/2018 16:15, Brad Dokken via
ZendTo wrote:<br>
</div>
<blockquote type="cite"
cite="mid:WM!5d48be390664cc3a98c7a7523dcd76e8013883aa8fe7b72dca58eef6f84e6e44bf2f75d0f58871192a13fb36f69a0526!@mx.jul.es">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
tt
{mso-style-priority:99;
font-family:"Courier New";}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:windowtext">I am having
the same problem on Centos 7, is there a similar path on
this OS?
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">Thanks<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">Brad<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span
style="color:windowtext"> ZendTo
<a class="moz-txt-link-rfc2396E" href="mailto:zendto-bounces@zend.to"><zendto-bounces@zend.to></a>
<b>On Behalf Of </b>Jules Field via ZendTo<br>
<b>Sent:</b> Friday, August 31, 2018 3:36 AM<br>
<b>To:</b> ZendTo Users <a class="moz-txt-link-rfc2396E" href="mailto:zendto@zend.to"><zendto@zend.to></a><br>
<b>Cc:</b> Jules Field <a class="moz-txt-link-rfc2396E" href="mailto:Jules@Zend.To"><Jules@Zend.To></a><br>
<b>Subject:</b> Re: [ZendTo] Login session problem
(Users get logged off as soon as they click on any link)<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Michael,<br>
<br>
It appears there is another thing which can cause this
problem.<br>
I recently greatly tightened up the security on the cookie
that ZendTo uses, to protect against CSRF (cross-site request
forgery) attacks.<br>
<br>
Please edit<br>
<tt><span style="font-size:10.0pt">
/etc/apache2/sites-available/001-zendto-ssl.conf</span></tt><br>
<br>
Right near the top of that file you should see a little
section that looks like this:<br>
<br>
# Add the "SameSite" restriction to all cookies.<br>
# Warning: This will break if you embed ZendTo in an iframe
or similar!<br>
<tt><span style="font-size:10.0pt"> <IfModule
mod_headers.c></span></tt><span
style="font-size:10.0pt;font-family:"Courier New""><br>
<tt> Header edit Set-Cookie ^(.*)$ $1;SameSite=<b>Strict</b></tt><br>
<tt> </IfModule></tt></span><br>
<br>
First, change the "<tt><span style="font-size:10.0pt">Strict</span></tt>"
(in bold above) to "<tt><span style="font-size:10.0pt">Lax</span></tt>".<br>
Restart Apache completely and try to login to ZendTo and see
if it now works correctly.<br>
<br>
If that does not fix it, edit that file again and comment out
that whole little section (a "<tt><span
style="font-size:10.0pt">#</span></tt>" at the start of
each of the 3 lines will do the job).<br>
Restart Apache completely and try again.<br>
<br>
Hopefully one of those 2 will solve it for you.<br>
<br>
If it will work with "<tt><span style="font-size:10.0pt">Lax</span></tt>"
then keep it like that. Only remove the whole section if "<tt><span
style="font-size:10.0pt">Lax</span></tt>" won't work
either.<br>
<br>
I'm still discovering the true impact of setting the "<tt><span
style="font-size:10.0pt">SameSite</span></tt>" attribute.<br>
I set all the other necessary security attributes in my PHP
code in ZendTo itself. But PHP does not yet support the "<tt><span
style="font-size:10.0pt">SameSite</span></tt>" attribute,
so this is the only simple way of adding it. Once PHP 7.3 is
released, I will be able to remove this as PHP 7.3 understands
"<tt><span style="font-size:10.0pt">SameSite</span></tt>".<br>
<br>
Please do let me know how you get on.<br>
<br>
Cheers,<br>
Jules.<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal">On 31/08/2018 08:53, Michael Keller via
ZendTo wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Good Morning, <br>
<br>
I am new to Zend.To and to this list. <br>
A few days ago I installed zendto 5.11-6 on a fresh Debian 9
system without any problem.
<br>
But after successful login I got the same errors as Thilo
describes here. <br>
So I checked all the php.ini files for correct timezone and
also set the cookieTTL value to 20 hours as suggested by
Jules.
<br>
<br>
But it didn't work. If I could some further checks to solve
this problem let me know.
<br>
Thank you for your help <br>
<br>
Best regards <br>
<br>
Michael <br>
<br>
<br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>ZendTo mailing list<o:p></o:p></pre>
<pre><a href="mailto:ZendTo@zend.to" moz-do-not-send="true">ZendTo@zend.to</a><o:p></o:p></pre>
<pre><a href="http://jul.es/mailman/listinfo/zendto" moz-do-not-send="true">http://jul.es/mailman/listinfo/zendto</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<pre>Jules<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>-- <o:p></o:p></pre>
<pre>Julian Field MEng CEng CITP MBCS MIEEE MACM<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>'Is the Holocaust an aberration, or a reflection of who we really are?'<o:p></o:p></pre>
<pre> - Holocaust Museum, Berlin<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><a href="http://www.Zend.To" moz-do-not-send="true">www.Zend.To</a><o:p></o:p></pre>
<pre>Twitter: @JulesFM<o:p></o:p></pre>
<pre>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654<o:p></o:p></pre>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
ZendTo mailing list
<a class="moz-txt-link-abbreviated" href="mailto:ZendTo@zend.to">ZendTo@zend.to</a>
<a class="moz-txt-link-freetext" href="http://jul.es/mailman/listinfo/zendto">http://jul.es/mailman/listinfo/zendto</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'We face neither East nor West: we face forward.' - Kwame Nkrumah
<a class="moz-txt-link-abbreviated" href="http://www.Zend.To">www.Zend.To</a>
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
</pre>
</body>
</html>