<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Michael,<br>
<br>
It appears there is another thing which can cause this problem.<br>
I recently greatly tightened up the security on the cookie that
ZendTo uses, to protect against CSRF (cross-site request forgery)
attacks.<br>
<br>
Please edit<br>
<tt> /etc/apache2/sites-available/001-zendto-ssl.conf</tt><br>
<br>
Right near the top of that file you should see a little section that
looks like this:<br>
<br>
# Add the "SameSite" restriction to all cookies.<br>
# Warning: This will break if you embed ZendTo in an iframe or
similar!<br>
<tt> &lt;IfModule mod_headers.c&gt;</tt><tt><br>
</tt><tt> Header edit Set-Cookie ^(.*)$ $1;SameSite=<b>Strict</b></tt><tt><br>
</tt><tt> &lt;/IfModule&gt;</tt><br>
<br>
First, change the "<tt>Strict</tt>" (in bold above) to "<tt>Lax</tt>".<br>
Restart Apache completely and try to log in to ZendTo and see if it
now works correctly.<br>
<br>
If that does not fix it, edit that file again and comment out that
whole little section (a "<tt>#</tt>" at the start of each of the 3
lines will do the job).<br>
Restart Apache completely and try again.<br>
<br>
Hopefully one of those 2 will solve it for you.<br>
<br>
If it will work with "<tt>Lax</tt>" then keep it like that. Only
remove the whole section if "<tt>Lax</tt>" won't work either.<br>
<br>
I'm still discovering the true impact of setting the "<tt>SameSite</tt>"
attribute.<br>
I set all the other necessary security attributes in my PHP code in
ZendTo itself. But PHP does not yet support the "<tt>SameSite</tt>"
attribute, so this is the only simple way of adding it. Once PHP 7.3
is released, I will be able to remove this as PHP 7.3 understands "<tt>SameSite</tt>".<br>
<br>
Please do let me know how you get on.<br>
<br>
Cheers,<br>
Jules.<br>
<br>
<br>
<div class="moz-cite-prefix">On 31/08/2018 08:53, Michael Keller via
ZendTo wrote:<br>
</div>
<blockquote type="cite"
cite="mid:WM!7567bb00a0b97b9e79505edb3b083093416398ee0c25e3b1b1a286f1b9cc0d88315390320b70de36be02da33d2162d5a!@mx.jul.es">Good
Morning,
<br>
<br>
I am new to Zend.To and to this list.
<br>
A few days ago I installed zendto 5.11-6 on a fresh Debian 9
system without any problem.
<br>
But after successful login I got the same errors as Thilo
describes here.
<br>
So I checked all the php.ini files for correct timezone and also
set the cookieTTL value to 20 hours as suggested by Jules.
<br>
<br>
But it didn't work. If I could do some further checks to solve this
problem let me know.
<br>
Thank you for your help
<br>
<br>
Best regards
<br>
<br>
Michael
<br>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'Is the Holocaust an aberration, or a reflection of who we really are?'
- Holocaust Museum, Berlin
<a class="moz-txt-link-abbreviated" href="http://www.Zend.To">www.Zend.To</a>
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
</pre>
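<br>
An added example, not part of Jules's message or of ZendTo's own code: a Python check that emulates the <tt>Header edit Set-Cookie</tt> rule from the message on constructed <tt>Set-Cookie</tt> values and audits the result for a missing or duplicated <tt>SameSite</tt> attribute. The cookie name and value are hypothetical, and the function names are this example's own.<br>
<pre>
```python
import re

def apache_header_edit(set_cookie_values, mode):
    """Emulate: Header edit Set-Cookie ^(.*)$ $1;SameSite=MODE (applied per header)."""
    return [re.sub(r"^(.*)$", r"\1;SameSite=" + mode, v, count=1)
            for v in set_cookie_values]

def parse_cookie(value):
    """Split one Set-Cookie value into (name, [(attribute, value), ...])."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = []
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs.append((key.strip().lower(), val.strip()))
    return name, attrs

def audit(value):
    """Return (cookie name, findings); an empty findings list means all checks pass."""
    name, attrs = parse_cookie(value)
    keys = [k for k, _ in attrs]
    samesite = [v for k, v in attrs if k == "samesite"]
    findings = []
    if not samesite:
        findings.append("no SameSite")
    elif len(samesite) != 1:
        findings.append("duplicate SameSite: " + ",".join(samesite))
    elif samesite[0].lower() not in ("strict", "lax", "none"):
        findings.append("unknown SameSite value: " + samesite[0])
    for flag, label in (("secure", "no Secure"), ("httponly", "no HttpOnly")):
        if flag not in keys:
            findings.append(label)
    return name, findings

# Constructed sample headers (hypothetical cookie name and value).
FROM_APP = "example-session=abc123; Path=/; Secure; HttpOnly"
FROM_APP_WITH_SAMESITE = FROM_APP + "; SameSite=Strict"  # app sets it itself

if __name__ == "__main__":
    for raw in (FROM_APP, FROM_APP_WITH_SAMESITE):
        for stage, value in (("app", raw), ("apache", apache_header_edit([raw], "Lax")[0])):
            print(stage, audit(value), value)
```
</pre>
The second sample shows the header ending up with two <tt>SameSite</tt> attributes when the application already sets one itself, which is the situation in which the Apache section is no longer needed.<br>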
</body>
</html>