We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

Error: You are not authorized to perform this action during logout

March 11, 2014 6:59am

Subscribe [5]

  • #1 / Mar 11, 2014 6:59am

    RickRobinson

    35 posts

    I just completed migration of my EE site to a new server. I also upgraded to 2.8. Everything seems to be working except the member login/logout feature.

    Any time a logged-in member attempts to log out they get the EE error page with the message: “You are not authorized to perform this action”.

    I did have to turn off Allow New Member Registrations in member preferences because I was getting hit with a new member registration request about once every minute or two after migrating. But, I’ve tested turning that back on, and it still gives me this error.

    Can anyone help? I’ve cleared caches, but can’t think of anything else to try.

    [I just edited this post since I cannot verify that someone trying log in gets the same message.]

  • #2 / Mar 11, 2014 11:56am

    RickRobinson

    35 posts

    I’m getting this error on a link rendered from {path='logout'}, which looks like “http://www.rickandlynne.com/rick/go?ACT=10”. If that helps. (“go” is the name of my index.php file.)

  • #3 / Mar 14, 2014 2:04pm

    RickRobinson

    35 posts

    I really need to log out of EE for testing purposes. Does no one have any idea why I can’t log out?

  • #4 / Mar 15, 2014 7:38am

    RickRobinson

    35 posts

    This was bug. Will be fixed in 2.8.2. Caused by having secure forms turned off, which most people don’t have. Obscure at best.

  • #5 / Jul 17, 2014 6:37am

    Joobs

    362 posts

    Is there a hotfix for this?

    an upgrade to 2.9 isn’t viable for us at the moment.

  • #6 / Jul 17, 2014 11:03am

    Robin Sowell

    13255 posts

    Let’s see-  system/expressionengine/modules/member/mod.member_auth.php around line 545:

    if ($token != CSRF_TOKEN)
{

change to

if ( ! bool_config_item('disable_csrf_protection') && $token != CSRF_TOKEN)
{

    See if that does the trick.

  • #7 / Aug 01, 2014 9:01am

    Charley Parker

    60 posts

    I’m in the same boat. Running 2.8.1. on a heavily membership dependent site.  Had the “This form has expired” login bug problem; used the fix of turning off secure forms as described here: http://ageekandhisblog.com/expressionengine-how-to-fix-this-form-has-expired-please-refresh-and-try-again/

    That produced the “not authorized to log out” problem described in this thread.

    I can’t go up to 2.9 because of PHP version limitation on the host (which I only found out after going through the complete upgrade process). No immediate chance of PHP upgrade in sight.

    If this is fixed in 2.8.2, I would rather run 2.8.2 than leave secure forms off.

    Is there any provision for downloading a previous version of EE through my EllisLab account?

    (Alternately, is there a more elegant/secure fix to be found in the 2.9 files that could be applied to 2.8.1?)

  • #8 / Aug 18, 2014 5:09am

    helain le blanc

    10 posts

    Thank you Robin Sowell for the trick
    It’s working !

    Best regards.

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Username

Password

Forgot password?
or Register