This action may only be performed with an elevated session.

[crazyx13th]

Description

I want to update the permissions of a user-group as the admin.
But allways I got:

Unauthorized
This action may only be performed with an elevated session.

Additional info

• Craft version: RC1
• PHP version: 7.0.26
• Plugins & versions:
  Element API 2.5.1
  Guest Entries 2.1.3
  Redactor 1.0.0.1

Thx!
Greetings
crazyx13th

[brandonkelly]

Thanks! Fixed for the next release.

[Emkaytoo]

@brandonkelly I'm still getting this issue on Pro 3.0.9. Thoughts?

[aemslie]

@brandonkelly Still getting this issue on Pro 3.0.11

[brandonkelly]

@Emkaytoo @aemslie In what context? Can you post steps to reproduce?

[aemslie]

@brandonkelly

1. settings -> users -> click user group -> change any setting -> save.

2. Get prompted to save -> save

3. Error
   

It's strange, I do not get this error locally, but our site is currently hosted on fortrabbit and it happens there.

[aemslie]

Ok this issue has been resolved. Need to use memcache to handle the sessions. Put this code at the top of config/app.php

if (getenv('MEMCACHE_COUNT'))
{ 
    $handlers = []; 
	foreach(range(1, getenv('MEMCACHE_COUNT')) as $num)
	{ 
        $handlers[] = getenv('MEMCACHE_HOST' . $num) . ':' . getenv('MEMCACHE_PORT' . $num); 
    }  
    ini_set('session.save_handler', 'memcached'); ini_set('session.save_path', implode(',', $handlers));
}

[branksz]

@brandonkelly I'm getting this issue 20% of the time when trying to register using the frontend registration form. I'm currently on: V3.0.11

[brandonkelly]

@branksz When it happens, are you already logged in with your user account? If you're already logged in, then even if you are using a front-end "registration" form, Craft won't see it that way – and will make sure that your account has permission to create users, and that you currently have an elevated session.

[branksz]

@brandonkelly Yes, when this happens I'm logged in as an admin with full access. The weird thing is that it sometimes works and sometimes not.

[brandonkelly]

Yeah when it does work, I’m assuming you are either not logged in, or you already happen to have an elevated session (because something else in the Control Panel required you to enter your password in the last 5 minutes).

[branksz]

@brandonkelly yep I figured it out, I have to check the elevated session and create a password prompt if there is not elevated session.

[mattandrews]

I'm seeing this on Craft Pro 3.0.17.1 when I try to save permissions of a user – I'm logged in as a full admin, I confirm my password in the prompt, and then I get the above error.

[brandonkelly]

@mattandrews take a look at #3058 as well.

[mattandrews]

Thanks @brandonkelly, it never occurred to me it might be down to our load balancer (even though we currently only have 1 running instance). I enabled sticky sessions on our AWS ELB and this has fixed the problem.