Welcome to the THELIA support and discusssion forum


I installed Thelia manually (via compressed archive) and set up my local server in a Vagrant box. Now when I go to login as the admin user I created during installation, I get:

| Please check your input: Missing or invalid data: The CSRF token is invalid. Please try to resubmit the form.

I traced the issue to the Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage class: $storage->hasToken() was returning false. I then discovered that no $_SESSION variables I was setting manually were persisting at all. For example, I inserted each of the following lines in the code before two consecutive form posts, respectively:

die($_SESSION['foo'] = 'bar'); // output 'bar'
die($_SESSION['foo']); // Notice: Undefined index: foo

Also, if I add `die($data['$this->fieldName']);` inside CsrfValidationListener right before the Exception producing the error message is thrown, I get what sure as heck looks like a security token printed to the screen. So the token is definitely getting created; it's just not getting making it into the session.

I know sessions are working properly for other sites I'm running inside this same Vagrant box. So what I'm wondering is if Thelia is configuring a session handler behind the scenes that is trying to write to a file it doesn't have write permissions on, or something along those lines? To that end, I tried doing `chmod 777 project/path/local/session` but that didn't appear to have any effect.

Does Thelia use file-based session handling by default? If so, where does it keep them, if not in local/session/? If not, what do I need to do to get sessions working?

Any help appreciated! Thanks!