the secure PHP framework


Banshee 6 Fresh Install Yields Non-stop cms 401s

18 March 2017, 22:21
Greetings! I'm running the new version of Banshee on the latest Hiawatha, (Debian Stretch) but after setup, I'm getting constant login screens between each page in the CMS. I've double-checked my Hiawatha (including the banshee update on URLToolKit) and php-fpm confs, but nothing jumps out at me. I removed and reinstalled (complete with new demo db creation and db-user), but I still get the same.

I can progress and view admin pages, but I must re-enter username and password for each page, which also prevents a successful settings update. There are no 403s or incorrect login msgs...just the constant 401s. Anyone have any idea what would cause auth to drop like that? MySQL and PHP logs aren't providing clues and the browser/browser configs aren't the culprit. Is this a session/db issue or am I looking in the wrong place?
19 March 2017, 17:19

You have the same that I've got ... :-(
See my previous "auto -logout" message.

I did'nt yet resolve this.
With also hiawatha 10-3/4/5.
Compiled by me. All installations I've made very clean.

It's annoying, because everything else is running perfectly well, Hiawatha an Banshee are top tools, in my opinion ...

The only solution I've found: clean all the cookies, the browser cache, and of course re-login, and with luck, it goes ok for some time ...

23 March 2017, 09:23
I understand your frustration and agree...Hiawatha and Banshee seem great to me, even if they require a little extra work to integrate with other packages. At any rate, I was hoping to avoid posting logs and configs--I love fixing things myself...I was just curious if anyone could narrow down these symptoms to a specific fundamental area.

I'll post back if I find a workaround or fix, but it may be a week or two so I complete some other work for a client.
14 June 2017, 14:05
Hi again.

Didn't you seee something about this problem I called "auto logout" ?

I've been recently in many details in CMFs, but for this, I did not see yet what it is.
And I like Banshee, so it would be a pity I don't use it because this.

So if you have some news ?

Joe Schmoe
14 June 2017, 19:03
Someone recently mentioned that they fixed a similar problem by setting cgi.fix_pathinfo to 1.
Hugo Leisink
14 June 2017, 22:09
Does the client get a new session cookie with every request? If so, can the cookie be stored in the database correctly? Enough room in the varchar?
15 June 2017, 14:25
Thanks to everybody for replies.

-- For the < cgi.fix_pathinfo > php parameter,
yes, seen at the time, tried, no change.

-- Generally speaking.
I got this with Banshee #2/3/4.
I went into php source files for looking, but never modified one.
I modified *.css and *.xslt only.
For the database, with each version, each time I recreated it with the original dump sql file (Mysql and MariaDB, both used/tried).
I always check very carefully the running, with debug flag "on".
I want no error at all. It's what I have, despite this problem.

So now, practically, the question is, for me ...
Ok, I go deeper into the *.php sources, and of course, soon or later, I'll found the problem ...
But seen the clean code, until now I avoided this.

So, I do not know ... :-)
Hugo Leisink
15 June 2017, 14:37
If you provide me with an URL and a login for a dummy website, perhaps I can help.
15 June 2017, 14:48

For info, an extract of my Database structure =>

-- Table structure for table `sessions`

CREATE TABLE `sessions` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`session_id` varchar(100) NOT NULL,
`login_id` varchar(100) DEFAULT NULL,
`content` text,
`user_id` int(10) unsigned DEFAULT NULL,
`ip_address` varchar(50) NOT NULL,
`bind_to_ip` tinyint(1) NOT NULL,
`name` tinytext,
UNIQUE KEY `session_id` (`session_id`),
KEY `user_id` (`user_id`),
CONSTRAINT `sessions_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`)

-- Extract dump for table `settings`

... (42,'session_timeout','integer','1200'), (43,'session_persistent','boolean','true') ...

15 June 2017, 14:54
Oh, nice, Hugo.

A "non dummy" site is :
< > (or http://..)
User < ikguest >
Pwd < xx-ik-guest >

(Note: the problem I have, it's always with < admin >)

Hugo Leisink
15 June 2017, 14:59
That one works without a problem. I wasn't aware it's an admin-only issue. That makes it strange, cause an admin is not handled differently in terms of login. Can you setup a dummy website to which you can give me admin access?
15 June 2017, 17:01

Thanks a lot, Hugo.

In fact, I said "only with admin" because I have no experience with other accounts, I always use "admin" (or nobody; and sometimes, a try as some user).
But I thought what you said, that admin is not handled differently.

I tried also before, "ikguest", no problem.
And "admin", idem. But not surprised, because sometimes the "admin" login stays ok for sometime. It's often when I edit a page, for example, that it begins ... :-(

Just a note. I use Firefox browser. But I do not think it's it, and I tried also in the past other browsers, precisely for this problem. Same.

I have no "dummy" website ...
But later, I can put the same Banshee on my other node < >.
A better node, because it's a VPS where I control everything (Debian #8; with Hiawatha #10.6, among others tools).
And I can give you an admin access. But not through this Forum :-)

Hugo Leisink
19 June 2017, 19:54
If you still need some help with this, send the admin credentials to me by e-mail.
23 September 2017, 16:16
Hello Everyone,

Anyone can help me what folder i put this following code:

UrlToolkit {
ToolkitID = banshee
RequestURI isfile Return
Match ^/(css|files|fonts|images|js)(/|$) Return
Match ^/(favicon.ico|robots.txt)$ Return
Match [^?]*(\?.*)? Rewrite /index.php$1


cgi.fix_pathinfo = 0 (when using FastCGI PHP), 1 (otherwise)
cgi.rfc2616_headers = 1 (when using Hiawatha) / 0 (when using Apache)
register_globals = Off
allow_url_include = Off

Please Reply I need to know
Hugo Leisink
23 September 2017, 16:19
The UrlToolkit goes into your Hiawatha configuration file. The stuff below 'AND' are PHP configuration options and must be placed in php.ini (not all options are valid for PHP7).
23 September 2017, 16:42
Thanks Hugo,

This file name hiawatha.conf
by the way I aready install banshee but what folder in hiawatha i going to extract and in google chrome what will be the domain name.
23 September 2017, 17:02
Hello Guy's,

I already change the hiawatha configuration but when i try typing in browser it doesn't work ex:localhost/banshee/public.

Can you Help me please i feel confused.

23 September 2017, 17:42
What should be the php version needed for Hiawatha?
Hugo Leisink
24 September 2017, 12:02
You can chose the folder in which you want to extract Banshee. Use for example a sub folder in /var/www. The domain name is also something you chose yourself. Your questions tell me you have little understanding of webhosting. I advice you to learn more about it before trying Hiawatha and Banshee.

The directory 'public' must be the webroot. Read the Banshee README for installation instructions.

Hiawatha doesn't need PHP. It's optional.

Btw, why do you keep changing your name? It makes this discussion confusing.
25 September 2017, 04:10
Sorry About that Hugo,

By the way Hugo can make a step by step tutorial of installing banshee and Hiawatha through video that is more useful to all beginners like me pls..
Hugo Leisink
25 September 2017, 16:13
No, sorry. That requires more of my free time than I can spare. And besides that, all that video would contain is me going through the online documentation of Hiawatha [] and Banshee. Because all the information you need is already available.