[raybo]

I completed the installation, afterward I am unable to login, I have tried resetting the admin password per the FAQ, that did not work either. I seem to sign in fine, if I enter an incorrect password it says so; however, the successful login results in nothing. Any attempt to visit any pages results in a 403 You don't have permission to access this folder. I have deleted and reinstalled, but the result is the same.
The database is getting populated and I see the the admin user in it.
My apache config is ads follows:
<VirtualHost *:80>
        ServerAdmin raybo@hellokitty.vg
        DocumentRoot /var/www/fcc
        ServerName fcc.hellokitty.vg
        ErrorLog logs/fcc.hellokitty.vg-error
        CustomLog logs/fcc.hellokitty.vg-access combined
        ModPagespeed Off

        DirectoryIndex index.php index.html wx.php
        <Directory "/var/www/fcc/">
                Options Indexes +Includes MultiViews FollowSymLinks
                AllowOverride None
                Order allow,deny
                Allow from all
        </Directory>

        Alias /comments/ "/var/www/commentics/"
        <Directory "/var/www/commentics">
                Options Indexes +Includes MultiViews FollowSymLinks
                AllowOverride None
                Order allow,deny
                Allow from all
        </Directory>

        Alias /icons/ "/var/www/icons/"
        <Directory "/var/www/icons">
                Options Indexes MultiViews
                AllowOverride None
                Order allow,deny
                Allow from all
        </Directory>

        Alias /images/ "/var/www/images/"
        <Directory "/var/www/images">
                Options Indexes MultiViews
                AllowOverride None
                Order allow,deny
                Allow from all
        </Directory>

</VirtualHost>

[Steven]

It sounds like a hosting issue which I can't help with. Try looking at your server's Apache and PHP error logs, or contacting your host.

[raybo]

Probably not a hosting issue I am running this on a virtual machine in AWS EC2.

When I try to login with the wrong password it tells me so, the right password just takes me back to the login over and over.

The error in the log is unrelated I guess:
[Tue Nov 17 20:41:41 2015] [error] [client 61.126.190.15] PHP Notice:  A session had already been started - ignoring session_start() in /var/www/commentics/hellokitty_admin/index.php on line 27, referer: http://fcc.hellokitty.vg/comments/hellokitty_admin/

From the access log:
61.126.190.15 - - [17/Nov/2015:20:41:41 +0900] "POST /comments/hellokitty_admin/index.php?page=dashboard HTTP/1.1" 302 25 "http://fcc.hellokitty.vg/comments/hellokitty_admin/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36"

61.126.190.15 - - [17/Nov/2015:20:41:41 +0900] "GET /comments/hellokitty_admin/index.php?page=dashboard HTTP/1.1" 200 574 "http://fcc.hellokitty.vg/comments/hellokitty_admin/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36"

[Steven]

The reason I said it sounds like a hosting issue is because when you log in using the correct username and password it tries to create a session. Every login issue on this forum has been because of sessions not working properly on the user's server. That error (or notice) is saying that a session is already started, so I assume you have "session.auto_start" configured to on in your (or Amazon's) hosting setup. It's turned off by default. So I question whether a session is actually available for Commentics to use. Secondly, a 403 forbidden error is a hosting issue, usually as a result of a .htaccess rule.

If you try using the file in this thread then it should help to determine what's happening:

https://www.commentics.org/forum/showthr...91#pid4491

[raybo]

Here are my php.ini settings:
session.use_cookies = 1
session.cookie_secure = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 1
session.cookie_lifetime = 60

I figured out the 403 error is a fake error, I found just about every directory has an index.html file that returns a page saying access denied. I am assuming that is to protect people that have not disabled directory browsing.

A couple of the websites I run on this server use PHP sessions, so I have had the session config for a couple years now.

If I try to access any of the images in the image directory or files in agreement/english/ those all work, so I think that tells me that the web server setup is OK.

In the top level directory, there is an index.php, that either finds the installer and runs it or gives you the fake 403 error, is this supposed to be replaced in the installation process?

Thank you,
--Ray

[raybo]

OK, I finally found the issue, I installed on another server and it worked, so I copied the php.ini file over and the original started working. Next I compared the files and over a couple hours was finally able to find the offending line:
session.cookie_secure = 1 changing the 1 to a 0 and all was well.

[Steven]

Okay, good to hear it's working and thanks for letting me know the issue. The next version has a php.ini file in the /admin/ directory so I'll add that directive to it which should hopefully prevent this problem in the future.