We've had varnish on our Joomla site for some time now. Since we've had it our site speed has increased ,but the ability for our users to login has been very poor. Some instances users cannot login at all (they are redirected to the homepage after trying to login and the site still sees them as not logged in) or in some more disturbing instances users have gone to the site and been logged in as a random member they have never heard of. I assume this is something to do with Varnish clashing with the Amember/Joomla login module . Has anybody had similar problems and if so is there a fix? Thanks, Sean
Varnish doesn't cache any Amember pages and serves pages uncached to any user with a cookie from our website. Is it something to do with this code on the login form: <input type="hidden" name="return" value="LyNjb250ZW50" /><input type="hidden" name="3eb98b0810d3146d6341e329c951117c" value="1" /> I've submitted a ticket to Amember support but so far no response.
1. Are you logging into amember or joomla (be sure you are logging in / out of aMember and allowing single signon to Joomla instead of logging in directly to Joomla) 2. If, for some reason, you are logging directly into Joomla, do you have rules in place to prevent caching of it's native login/session management? 3. What is that login form code from?
1/We have the Amember plugin enabled in Joomla - so I believe this overrides Joomla's native login process and redirects all logins through Amember. 2/ We aren't logging directly into joomla (apart from administrators on the backend) 3/That is from the login form which appears on the homepage of the site. The login form also appears if a user tries to access a part of the site which is restricted to registered members only.
It's now Wednesday and the ticket has been waiting for 2 days. I thought they got back to you within 24 hours on a weekday?
1 For the users that cannot log on at all, have them try to log directly into aMember and see if they are able to. 2. The code you posted does not look like the aMember login code, maybe it is different for Joomla, not sure. Here is what the standard code looks like: Code: <form name="login" method="post" action="/amember/member.php"> <table align="center" class="vedit" > <tr> <th>Username</th> <td><input type="text" name="amember_login" size="15" value="" /></td> </tr> <tr> <th>Password</th> <td><input type="password" name="amember_pass" size="15" /></td> </tr> </table> <input type="hidden" name="login_attempt_id" value="1343811357" /> <br /> <input type="submit" value=" Login " /> <input type="button" value=" Back " onclick="history.back(-1)" /> </form> <br /> <p>Not registered yet? <a href="https://yourdomain.com/amember/signup.php">Signup here</a></p> <br /> <h3>Lost password?</h3> <form name="sendpass" method="post" action="https://yourdomain.com/amember/sendpass.php"> <table align="center" class="vedit" width="30%"> <tr> <th>Enter your <b>E-Mail Address</b> or <b>Username</b></th> <td><input type="text" name="login" size="12" /></td> </tr> </table> <input type="submit" value="Get Password" /> </form> 3. Are you logging in via HTTPS? Any chance you are having an issue switching back and forth between secure and non-secure with your configuration or varnish rules?
1/ None of the users can login using the login forms on Joomla - none of them work. The only way a user can sometimes login is if they go straight to the Amember page and login from there. Then when they go back to the homepage of the site (Joomla) they will be shown as logged in. That's obviously not ideal for us, as it means we aren't able to use login forms on the homepage or anywhere else for that matter. 2/ Thats the code that the Amember Joomla plugin generates from the mod_login module. 3/ we aren't using HTTPS What would be good is if somebody from Amember responded to the ticket and actually had a look at the set-up.
So when they log in via aMember and can "sometimes" login.. do you mean they can "sometimes" log into aMember or sometimes that successfully logs them into Joomla? Trying to clarify if the issue is ONLY with the Joomla side of things (ie. does aMember login always work)
Hi there, Yep, they can always login to Amember. When they are redirected to Joomla its hit and miss as to whether the login will carry across over there though. The most troubling aspect of this is that occasionally a guest will come to the site and see that they are logged in as a random member. They can even go to their Amember profile and edit it.
I got a fairly unhelpful 1 line response from Amember: "Sean, Amember or our plugin for Joomla does not add below fields to the form, so please try to disable it by editing of Varnish code." Does that even make sense? "disabling it by editing vanish code" - HUH? Does anybody at Amember even care anymore?
I know amember are going to try and pass this off as a varnish or joomla problem - but it isn't. It's a problem with their buggy joomla/amember plugin. If they have stopped offering support for their plugins they should say so and stop selling them.
Have you seen these articles on Joomla and varnish, specifically the parts talking about session management consideration: http://www.stardothosting.com/blog/2011/08/08/varnish-caching-with-joomla/ http://www.joomlahostingreviews.com/best-practices/accelerating-joomla-with-varnish.html http://armenianeagle.com/2011/06/25/joomla-varnish-caching-cookies-and-heavy-server-load/ for example, avoiding things that mess with the Joomla cookies in your Varnish config like this: Code: sub vcl_fetch { set beresp.ttl = 5m; # Time that the cache should be kept for. unset beresp.http.set-cookie; # Unset all cookies on the site }
Thanks Skippybosco I'll look into some of those links. I am appalled, however, by the service i'm receiving from Amember. I just received another half sentence response from them: "Hi, since it is generating by mod_login you need to edit php code for this module." Alex - where are you? This level of service is not acceptable. I have explained tmie and time again that i am using your Amember plugin so i expect some sort of SUPPORT for it. Is that too much to ask?
Lets continue in the topic you started: http://www.amember.com/forum/threads/amember-joomla-varnish-incompatibilty.15299/#post-58770