Bug Xenforo Password Change Bug

Vitreus · Mar 26, 2025

Hello. When this add-on is active, Xenforo's security section does not open. When clicked, the page does not load and causes a timeout error. When I close the add-on, this problem is fixed.

Fillip H. · Mar 26, 2025

Can you check the server error log and post anything found in there?

Vitreus · Mar 26, 2025

Fillip H. said:
Can you check the server error log and post anything found in there?

There is no error log regarding this unfortunately.

Fillip H. · Mar 26, 2025

Have you tried disabling all other addons, leaving only DB Security enabled?

Vitreus · Mar 26, 2025

Fillip H. said:
Have you tried disabling all other addons, leaving only DB Security enabled?

Unfortunately I can't do that because there are dozens of plugins and we have an active forum.

Fillip H. · Mar 26, 2025

Then I won’t be able to assist further unfortunately

As you can see, the issue does not occur here @ DBTech, and so the only way to get to the bottom of this issue is to attempt to isolate the issue.

Just because the issue does not occur with DB Security disabled, does not mean it’s not a conflict with other addons that might require either change on my end or their end. There’s only one way to find out.

Vitreus · Mar 26, 2025

I'll try disabling all plugins later tonight.

Vitreus · Mar 26, 2025

Hi. I tried, but still broken. All plugins are disabled, only the Security plugin is active.

Vitreus · Mar 27, 2025

Fillip H. said:
Then I won’t be able to assist further unfortunately As you can see, the issue does not occur here @ DBTech, and so the only way to get to the bottom of this issue is to attempt to isolate the issue.

Just because the issue does not occur with DB Security disabled, does not mean it’s not a conflict with other addons that might require either change on my end or their end. There’s only one way to find out.

I did as you said, still the same result.

Fillip H. · Mar 27, 2025

The only other thing I can think of is; how many records do you have in the xf_dbtech_security_session table?

Vitreus · Mar 28, 2025

Fillip H. said:
The only other thing I can think of is; how many records do you have in the xf_dbtech_security_session table?

we have 170k members, its normal?

Fillip H. · Mar 28, 2025

It's likely this is the problem. Can you try running DELETE FROM xf_dbtech_security_session WHERE last_activity_date <= (UNIX_TIMESTAMP() - (86400*7))

This should delete all session records of users who have not been active for 7 days. Normally this is done automatically but it could not have been running @ your site for some reason.

Vitreus · Mar 29, 2025

Fillip H. said:
It's likely this is the problem. Can you try running DELETE FROM xf_dbtech_security_session WHERE last_activity_date <= (UNIX_TIMESTAMP() - (86400*7))

This should delete all session records of users who have not been active for 7 days. Normally this is done automatically but it could not have been running @ your site for some reason.

We did as we were told, the registrations dropped to 4000 but the problem persists.

We experience the same problem when we open this section in the admin panel.

Fillip H. · Mar 29, 2025

Are you sure your web host is suitable for a forum of your size? Less than four thousand rows should not cause any timeout errors. Furthermore, the fact that your host outright kills the script instead of letting the script handle database timeout errors makes it sound like it’s really not suitable for your forum.

Do you have a sysadmin you can contact for more information about why the script is being killed?

I’d be happy to assist in finding ways to optimise for your site, but it seems like your host’s overly restrictive script environment is preventing the built-in cleanup functions from running.

Vitreus · Mar 30, 2025

Fillip H. said:
Are you sure your web host is suitable for a forum of your size? Less than four thousand rows should not cause any timeout errors. Furthermore, the fact that your host outright kills the script instead of letting the script handle database timeout errors makes it sound like it’s really not suitable for your forum.

Do you have a sysadmin you can contact for more information about why the script is being killed?

I’d be happy to assist in finding ways to optimise for your site, but it seems like your host’s overly restrictive script environment is preventing the built-in cleanup functions from running.

We reinstalled the plugin. The problem was fixed, but it added 760 thousand data to the same table in half a day. We think there are serious problems with the plugin.

Fillip H. · Mar 30, 2025

No, session tracking to power the "Log out from other sessions" feature is not a "serious problem with the plugin".

As I mentioned in my previous post, the problem is that your host is overly restrictive when it comes to queries it perceives to be too slow. You will need to contact your host and see if they can disable whatever's causing the "Request Timeout" page to appear. If they cannot, you may need a new web host.

I can look into adding an option for disabling the session tracking in a future version, but that does not change the fact that there are larger forums than yours using the plugin with no problems.

Vitreus · Mar 30, 2025

Fillip H. said:
No, session tracking to power the "Log out from other sessions" feature is not a "serious problem with the plugin".

As I mentioned in my previous post, the problem is that your host is overly restrictive when it comes to queries it perceives to be too slow. You will need to contact your host and see if they can disable whatever's causing the "Request Timeout" page to appear. If they cannot, you may need a new web host.

I can look into adding an option for disabling the session tracking in a future version, but that does not change the fact that there are larger forums than yours using the plugin with no problems.

We already have a server with a new gen Xeon processor that has much more power than we need. Our server load is very low.

Fillip H. · Mar 30, 2025

Then, as I said, you will need to contact your sysadmin to ask why that page appears and ask them to disable it so the page can function normally. Database query timeout errors should be handled by the application (XenForo), not by the server in that manner.

Vitreus · Mar 30, 2025

Fillip H. said:
Then, as I said, you will need to contact your sysadmin to ask why that page appears and ask them to disable it so the page can function normally. Database query timeout errors should be handled by the application (XenForo), not by the server in that manner.

The timeout error comes after a long wait anyway. The data held in this table is too much and will probably be in the millions again soon.

Fillip H. · Apr 1, 2025

I'll be releasing an update - hopefully tomorrow - which will enable you to turn off the extended session tracking feature, as well as make various performance enhancements;

Optionally enable extended session tracking, but disable session tracking for guests - this will significantly reduce the number of database rows if the majority of your visitors are guests
Fixed an issue where three sessions could be created for a guest logging in
Allow tuning the logged-in session expiry time (default: 30 days) - expired sessions will be pruned from the database
Allow tuning the guest session expiry time (default: 24 hours) - expired sessions will be pruned from the database
Turning off the session tracking feature will now also empty the session database table
Turning off the fingerprinting feature will now also empty the fingerprint log database table

Bug Xenforo Password Change Bug

Vitreus

Fillip H.

Vitreus

Fillip H.

Vitreus

Fillip H.

Vitreus

Vitreus

Vitreus

Fillip H.

Vitreus

Fillip H.

Vitreus

Fillip H.

Vitreus

Fillip H.

Vitreus

Fillip H.

Vitreus

Fillip H.

Similar threads

DragonByte Security

We value your privacy