Skip to content
Grav 2.0 is officially stable. Read the announcement →
Log in Register
General

Logging in: You have been logged out

Started by Richard Turner 5 years ago · 3 replies · 717 views
5 years ago

Just upgraded to 1.7.10. I also updated all plugins that needed updating. I switched on 2FA. Now every time I login to admin I get a message saying I'm logged in, immediately followed by a little red popup saying "You have been logged out". I never get to the admin page. Anybody got any suggestions, please?

5 years ago

@rtx, Seems to be a know issue. If your issue is the same, it should be fixed in next release. See issue at Admin repo. Scroll down to see the 'You have been logged out' issue.

last edited 04/14/21 by pamtbaau
5 years ago

Thanks @pamtbaau. My issue is not the invalid security token issue of the original bug report, but it is identical to the report and image posted by Eihrister in the same dialogue. From the dialogue sequence on Github, I'm not sure whether or not this issue has been addressed in a pending release - I hope so.

I've managed to get in to the admin panel by editing my user/accounts/{name}.yaml file from the hosting control panel. I wasn't sure what I was doing, so I used as a template the yaml file from a site that I hadn't enabled 2FA on. There were a number of differences between the files. I wasn't sure which to change and which not, but it was not sufficient just to change the twofa_enabled: setting to false. I deleted some lines and changed the hashedpassword setting to the actual password (having deleted the "hashed" part of the field name.

5 years ago

@rtx, Down the thread it says:

All issues should be fixed now (tested with this site), so closing the issue.

Fixes are in the next release.

Then, if you look in the CHANGELOG, it says:

v1.10.11

04/13/2021

    • IMPORTANT Fixed security vulnerability that allows installation of plugins with minimal admin privileges GHSA-wg37-cf5x-55hq
    • Fixed You have been logged out message when entering to 2FA authentication due to /admin/task:getNotifications AJAX call
    • Fixed broken 2FA login when site is not configured to use Flex Users #2109
    • Fixed error message when user clicks logout link after the session has been expired

Usually, when a new release is in the making, it has no date set. This one has, so version v1.10.11 should have been released yesterday, but unfortunately the new version isn't yet detected by Admin nor $ bin/gpm update. Shouldn't take long though...

Suggested topics

Topic Participants Replies Views Activity
Replacement of plugin recent_posts
General · by Hanns Mattes, 20 hours ago
1 26 12 hours ago
Support Grav by following us on Product Hunt!
General · by Andy Miller, 12 hours ago
0 25 12 hours ago
Well done Grav Team
General · by Jerry Hunt, 5 days ago
2 145 2 days ago
Grav 2, Admin Next, API and Migrate are now in production!
General · by pamtbaau, 2 days ago
1 96 2 days ago
Welcome to the new Grav Forums!
General · by Andy Miller, 2 days ago
0 80 2 days ago