In Joomla 1.5.16, they have introduced a security check on the session that now forbid the usage of a session before Joomla.

When using Jms Multisites on a localhost, Jms multisites open the session to allow simulate production domain. As Jms open the session before Joomla this have a side effect with Joomla 1.5.16 that does not allow to login anymore when working on a "localshost" or "127.0.0.1".
We also noticied side effect with the Joomla 1.5.16 on JMS 1.0.x and JMS 1.1.x that can not login anymore.

If you want to bypass and discard the joomla security fix, you can put in comment the /librarries/joomla/application/application.php file line 533 ( $session->fork(); ) that is responsible of a new sessions infos.
This is a new statement introduced in Joomla 1.5.16 that result in ignoring all previous session initiallisations.
This will restore the login

what are the thoughts of upgrading to 1.5.16? Are people moving to it quickly? I didn't see any huge security holes.

I don't think I'm going to move my sites to it until 1.5.16 gets installed and tested more.

thoughts?

Personnally, we are trying to apply the security fixes as soon as possible but in this particular case, we have noticed several issue with Joomla 1.5.16 that may result by problem of login.

This also happen with Jms Multisites 1.0.x and Jms Multisitse 1.1.x that can no more login once you have installed the Joomla 1.5.16.

See also Joomla bug tracker where an alternative fix is published
joomlacode.org/gf/project/joomla/tracker...racker_item_id=20221

It consists in adding a line
$this->_createSession($session->getId());

just after the "sessions->fork" one.

This also fix the bug introduced in Joomla 1.5.16.

Hi - I tried both of the solutions suggested in this thread and neither one fixes the login issue. (The front end of my site isn't even displaying.)

I prefer to apply Joomla patches as soon as they're available, and I know another patch is scheduled for release tomorrow. Is a JMS patch planned to mitigate the login issue? If so, when? I would really really prefer not to edit the Joomla core, which is of course, why I love Multisites!


Thanks!
Nicole

We have just release the JMS multisites 1.2.27 and the patches 1.2.33 that include the fix published by joomla to correct the bug they have introduced in Joomla 1.5.16.

See the release note on
www.jms2win.com/faq/change-history-v12x