Frontend Logout

Hi,

I had some problems with my component and tried to report this as a bug. Some things were fixed, but there is still some weird behavior when I try to edit a component in the frontend:

If I add an item in the frontend, and click afterwards on edit, I need to fill in my credentials again. It seems the action logged me out!

Can anybody confirm this? (I am using a fresh Joomla installation and just build the component)

I've seen this happen with components I've created.

Oddly enough, it seemed to only occur on Chrome and Safari running on OSX not in Firefox on Windows 7 or Linux. This made me think there is subtle difference in the way sessions are handled in OSX, though I'm not sure.

I created the component that displayed this in July 2016. I'm not sure if regenerating the components would resolve this issue.

This is in Joomla 3.6.2 on PHP 5.6.25.

I think I found the cause, it may help, so I'll describe it here.

All our systems run on https, but the links seemed to not set the http/https in them. Digging into the code I found that tweaking the calls to jroute fixed the issue.

In the code, in the list view, some had a single parameter, like...
JRoute::_('index.php?option=com_piota_content_import&view=content_import');
...so I changed them to...
JRoute::_('index.php?option=com_piota_content_import&view=content_import', false, 0);
...though actually I don't think this fixed my issue.

And some had three parameters, like...
JRoute::_('index.php?option=com_piota_content_import&task=contentimportitemform.edit&id=0', false, 2);
...which I changed to...
JRoute::_('index.php?option=com_piota_content_import&task=contentimportitemform.edit&id=0', false, 0);
...this was the fix that solved the problem.

Looking at the joomla docs at...
docs.joomla.org/Supporting_SEF_URLs_in_your_component
..it says...
$ssl is an integer value that specifies whether the URI should be secure. It should be set to 1 to force the URI to be secure using the global secure site URI, 0 to leave it in the same state as when it was passed, and -1 to force the URI to be unsecure using the global unsecure site URI.
...so I'm not sure what the "2" as a third parameter in the component was doing, but zero, false or leaving it blank would be ok I think.

Hope that helps, let me know if you have any questions or if anything doesn't make sense.

Hi Andy,

ran into this post when trying to figure out what was happening on my https site with the buttons to publish / edit / delete / etc.
As it turned out your keen investigation fixed all of these issues for me

I have searched the code for all instances with the faulty ', 2' value as ssl parameter in JRoute and now all of my crashing / error 500 / logout / login issues have gone when using the buttons on the lists and forms. I just committed this value (leaving it empty) and everything works again.

Thanks for sharing this!

regards,
Ruud.

Hi Ruud

Glad that was helpful

Cheers
Andy

Well Andy's tip seems to have saved me hours of frustration.
I'd created a whole new website and made it forced SSL front and backend.
I couldn't understand why it kept kicking me out when I tried to edit, cancel, delete an item in a list on the front end.
A google search brought me right back here.

This needs to be addressed in the component creator somehow.