• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item6353: Web Server Based Authentication without support for creating Sessions breaks if have $TWiki::cfg{CryptToken}{Enable} = 1;

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine   Low Confirmed   n/a  

Edit Form Data

Reported By:
Applies To:
Current State:
Waiting For:
Target Release:
Released In:


This issue was first noticed by TWiki:Main/PeterThoney

If you have following setup in LocalSite.cfg

$TWiki::cfg{UseClientSessions} = 0;
$TWiki::cfg{LoginManager} = 'TWiki::LoginManager::ApacheLogin';

You will face issue like below:

In browser:

TWiki detected an internal error - please check your TWiki logs and webserver logs for more information.
Can't call method "id" on an undefined value

In Webserver (apache) - the error is:

> [Tue Oct 20 15:04:15 2009] [error] [client] Can't call method "id" on an
> undefined value at /var/www/vhosts/thoeny.org/svn/trunk/core/lib/TWiki/LoginManager.pm
> line 1136.

This issue is because of token system we created to fix CSRF issue. We will need some more time to fix this issue. In the mean time following workarounds can work:

  • Avoid using Crypttoken variables - using $TWiki::cfg{CryptToken}{Enable} = 0;


  • Use $TWiki::cfg{UseClientSessions} = 1; This creates the Sessions and so the creation of tokens is possible.

-- TWiki:Main/SopanShewale - 23 Oct 2009

Summary Web Server Based Authentication without support for creating Sessions breaks if have $TWiki::cfg{CryptToken}{Enable} = 1;
ReportedBy TWiki:Main.SopanShewale

SVN Range TWiki-5.0.0, Sun, 27 Sep 2009, build 18153
AppliesTo Engine

Priority Low
CurrentState Confirmed


TargetRelease n/a

Topic revision: r1 - 2009-10-23 - SopanShewale
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback