@alanthing opened this Issue on October 2nd 2014

I have Piwik behind a load balancing proxy and am using the database for session storage. My config.ini.php contains the following important bits:

force_ssl = 1
assume_secure_protocol = 1
session_save_handler = "dbtable"
force_ssl_login = 1
proxy_client_headers[] = "HTTP_X_CLUSTER_CLIENT_IP"
trusted_hosts[] = "analytics.domain.tld"

However, I would continually get an error about Form Security. Commenting out the 4 lines referenced in this forum post resolved the problem for me. This was brought up June 2013 and a reference was made to use paid Piwik support, but I believe this is a bug. If you're using multiple servers you cannot use PHP's file-base session storage and must use a central system, like a database.

@mattab commented on October 6th 2014 Owner

If I un-comment those lines in the Session.php file then the DB sessions don't work. Are you sure that after commenting those lines you're still using DB session?

@alanthing commented on October 6th 2014

I didn't check the DB table but it turned out not to work anyway as I discovered the next day (my initial test was in haste). But, I am definitely not able to use DB sessions with proxy; I ended up changing it to a single server with no proxy. Instead of closing this, I'm willing to help troubleshoot this configuration to get it working as expected if you are too. Thanks.

@mattab commented on October 6th 2014 Owner

Ok please create a new issue with possible steps to reproduce if you can, if there is a bug in piwik in this configuration then it would be nice to solve it :+1:

This Issue was closed on October 6th 2014
Powered by GitHub Issue Mirror