If you have a lot of end users who don’t keep their login details up to date, this issue can lead to situations where a user’s account is active but they cannot access any of the site’s content. To resolve this issue, update to the latest version of Concrete CMS and restart your server. If you are still experiencing this issue, consider setting up an OAuth 2.0 server to ensure that all of your login information is stored securely. Learn more about how to securely store login details in OAuth 2.0 end user accounts. Concrete CMS above 8.5.10 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. If you are using Concrete as your main CMS, but you are using another application as a frontend, you can get an error message like "This session has been invalidated. Please try again". This issue has been fixed in version 8.5.10.
Concrete CMS above 8.5.10 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. Can't login to the backend. This issue has been fixed in version 8.5.10.
Concrete CMS above 8.5.10 does not issue a new session ID upon
Concrete CMS VCS Limitations
If you are using Concrete CMS for your main Content Management System (CMS), but you are using another application as a frontend, you may get an error message like "This session has been invalidated. Please try again". This issue has been fixed in version 8.5.10.
Concrete CMS VCS Limitations
Concrete CMS 9.1.3+ or 8.5.10+
Concrete CMS version 8.5.10
Timeline
Published on: 11/14/2022 23:15:00 UTC
Last modified on: 11/17/2022 14:19:00 UTC
References
- https://github.com/concretecms/concretecms/releases/8.5.10
- https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
- https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
- https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
- https://github.com/concretecms/concretecms/releases/9.1.3
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43687