Thread

Hi Stephen,

The problem is still persisting. I’ve deleted the original database and imported a backed-up version, but still cannot log into the CP or password protected areas.

You mentioned the columns in the “exp_sessions” table. What exactly should be, or not be, in there? Here’s what I see (sorry about the formatting, just was easier to copy/paste that type it all out):
Let me know if anything jumps out as unusual.

# Column Type Collation Attributes Null Default Extra Action
1 session_id varchar(40) utf8_general_ci No 0   Change   Drop More
2 member_id int(10)  No 0   Change   Drop More
3 admin_sess tinyint(1)  No 0   Change   Drop More
4 ip_address varchar(16) utf8_general_ci No 0   Change   Drop More
5 user_agent varchar(120) utf8_general_ci Yes NULL   Change   Drop More
6 last_activity int(10)  UNSIGNED No 0   Change   Drop More   Check All / Uncheck All With selected:  Browse Change Drop Primary Unique Index Fulltext
Print view Propose table structure
Add column(s) At End of Table At Beginning of Table After
Indexes:

Action Keyname Type Unique Packed Column Cardinality Collation Null Comment
Edit Drop PRIMARY BTREE Yes No session_id 0 A
Edit Drop member_id BTREE No No member_id 0 A
Edit Drop last_activity_idx BTREE No No last_activity 0 A

Create an index on   columns

Space usage
Type Usage
Data 0 B
Index 4,096 B
Total 4,096 B
Row Statistics
Statements Value
Format dynamic
Collation utf8_general_ci
Rows 0
Creation Jun 22, 2012 at 08:26 PM
Last update Jun 22, 2012 at 08:26 PM
Last check Jun 22, 2012 at 08:26 PM

Your db looks fine. What version were you running prior to trying to update? Can you show us what your system/expressionengine/libraries/Session.php file looks like?

Previous version was 2.1.3

Here’s the Session.php page:

<pre><code><?php if ( ! defined(‘BASEPATH’)) exit(‘No direct script access allowed’);
/**
* ExpressionEngine - by EllisLab
*
* @package ExpressionEngine
* @author ExpressionEngine Dev Team
* @copyright Copyright (c) 2003 - 2010, EllisLab, Inc.
* @license http://ellislab.com/expressionengine/user-guide/license.html
* @link http://expressionengine.com
* @since Version 2.0
* @filesource
*/

//————————————————————————————————————

/**
* ExpressionEngine Core Session Class
*
* @package ExpressionEngine
* @subpackage Core
* @category Core
* @author ExpressionEngine Dev Team
* @link http://expressionengine.com
*/

//————————————————————————————————————

/*
There are three validation types, set in the config file:

  1. User cookies AND session ID (cs)
 
This is the most secure way to run a site.  Three cookies are set:
1. Session ID - This is a unique hash that is randomly generated when someone logs in.
2. Password hash - The encrypted password of the current user
3. Unique ID - The permanent unique ID hash associated with the account.

All three cookies expire when you close your browser OR when you have been
inactive longer than two hours (one hour in the control panel).

Using this setting does NOT allow ‘stay logged-in’ capability, as each session has a finite lifespan.

  2. Cookies only - no session ID (c)

With this validation type, a session is not generated, therefore
users can remain permanently logged in.

This setting is obviously less secure because it does not provide a safety net
if you share your computer or access your site from a public computer.  It relies
solely on the password/unique_id cookies.

  3. Session ID only (s). 

Most compatible as it does not rely on cookies at all.  Instead, a URL query string ID
is used.

No stay-logged in capability.  The session will expire after one hour of inactivity, so
in terms of security, it is preferable to number 2.


NOTE: The control panel and public pages can each have their own session preference.
*/
class EE_Session {

var $user_session_len = 7200; // User sessions expire in two hours
var $cpan_session_len = 3600; // Admin sessions expire in one hour

var $c_session = 'sessionid';
var $c_uniqueid = 'uniqueid';
var $c_password = 'userhash';
var $c_expire = 'expiration';
var $c_anon = 'anon';
var $c_prefix = '';

var $sdata = array();
var $userdata = array();
var $tracker = array();
var $flashdata = array();

var $sess_crypt_key = '';

var $validation_type = '';
var $session_length = '';

var $cookies_exist = FALSE;
var $session_exists = FALSE;
var $access_cp = FALSE;

var $gc_probability = 5; // Garbage collection probability. Used to kill expired sessions.

var $cache = array(); // Store data for just this page load. Multi-dimensional array with module/class name, e.g. $SESS->cache['module']['var_name']

/**
* Session Class Constructor
*/
function __construct()
{
// Make a local reference to the ExpressionEngine super object
$this->EE =& get_instance();

// Is the user banned?
// We only look for banned IPs if it's not a control panel request.
// We test for banned admins separately in the front controller
$ban_status = FALSE;

if (REQ != 'CP')
{
if ($this->ban_check('ip'))
{
switch ($this->EE->config->item('ban_action'))
{
case 'message' : return $this->EE->output->fatal_error($this->EE->config->item('ban_message'), 0);
break;
case 'bounce' : $this->EE->functions->redirect($this->EE->config->item('ban_destination')); exit;
break;
default : $ban_status = TRUE;
break;
}
  }
  }

 
  /**———————————————————
  /**  Set session length.
  /**———————————————————*/
 
  $this->session_length = (REQ == ‘CP’) ? $this->cpan_session_len : $this->user_session_len;

  /**———————————————————
  /**  Set Default Session Values
  /**———————————————————*/

  // Set USER-DATA as GUEST until proven otherwise
 
  $this->userdata = array(
      ‘username’  => $this->EE->input->cookie(‘my_name’),
      ‘screen_name’  => ‘’,
      ‘email’  => $this->EE->input->cookie(‘my_email’),
      ‘url’  => $this->EE->input->cookie(‘my_url’),
      ‘location’  => $this->EE->input->cookie(‘my_location’),
      ‘language’  => ‘’,
      ‘timezone’  => ($this->EE->config->item(‘default_site_timezone’) && $this->EE->config->item(‘default_site_timezone’) != ‘’) ? $this->EE->config->item(‘default_site_timezone’) : $this->EE->config->item(‘server_timezone’),
      ‘daylight_savings’  => ($this->EE->config->item(‘default_site_dst’) && $this->EE->config->item(‘default_site_dst’) != ‘’) ? $this->EE->config->item(‘default_site_dst’) : $this->EE->config->item(‘daylight_savings’),
      ‘time_format’  => ($this->EE->config->item(‘time_format’) && $this->EE->config->item(‘time_format’) != ‘’) ? $this->EE->config->item(‘time_format’) : ‘us’,
      ‘group_id’  => ‘3’,
      ‘access_cp’  =>  0,
      ‘last_visit’  =>  0,
      ‘is_banned’  =>  $ban_status,
      ‘ignore_list’  =>  array()
      );
 

  // Set SESSION data as GUEST until proven otherwise
 
  $this->sdata = array(
      ‘session_id’  =>  0,
      ‘member_id’  =>  0,
      ‘admin_sess’  =>  0,
      ‘ip_address’  =>  $this->EE->input->ip_address(),
      ‘user_agent’  =>  substr($this->EE->input->user_agent(), 0, 50),
      ‘last_activity’ =>  0
    );
   
  //—————————————————————-
  // ‘sessions_start’ hook.
  //  - Reset any session class variable
  //  - Override the whole session check
  //  - Modify default/guest settings
  //
  $edata = $this->EE->extensions->universal_call(‘sessions_start’, $this);
  if ($this->E

Looks like the code was cut off for this post. Here’s a link to the code:

http://dynamicvideoad.mixpo.com/Sessions.rtf

I’ve now attempted to roll back to a previous DB version and reinstall 2.5.2 and got this error:

A Database Error Occurred
Error Number: 1060

Duplicate column name ‘batch_location’

ALTER TABLE `exp_upload_prefs` ADD `batch_location` VARCHAR(255)

Filename: updates/ud_215.php

Line Number: 169

Hey mixpo,
Sorry you’re still having trouble. This is a hard one without seeing it first hand. Have you read through this wiki? http://expressionengine.com/wiki/Troubleshooting_Upgrade_Errors/#Retrying_After_a_Failed_Upgrade

We were able to fix the issue. Had to create new database, import backup, then reinstall EE at a lower version (2.3.1). Thanks for your time and help Stephen!

Now it’s just a matter of damage control.

Whew! Glad you got it. And highly encourage employing some version control for the files. Git has saved my life so times.

Hey Guys,

This is some awesome team work. I love this community, you guys are smart and helpful. Totally did not need me at all.

Stephen, my friend, you need to be on Twitter so I can get to know you better.

Just have to mention my favorite way of getting ExpressionEngine into Version Control. That would be EE Master Config.

Happy coding,