Session error (it was accessed via an old session token)

Start getting error after change hosting

Session “1590918220.c76fcd8114ee21833bfd” is currently read-only because it was accessed via an old session token

When you visit page first time you will get this error if you reload this page after one minute page is loading. What could be the problem?

What is in line 5 of review.php? Do you create a session?

$session = $kirby->session();

I don’t fully understand what you mean. Could you please rephrase that?

Sorry guys,
the problem was not with Kirby

there was security problem of hosting provider

	$url =  "" . $ip_addr;
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, $url);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	$ip_data = curl_exec($ch);
	$ip_data = @json_decode($ip_data);
	/* $ip_data = @json_decode(file_get_contents("" . $ip_addr )); */

They close file_get_contents functionality, so that is why my script create a lot of sessions and send error. I change it to curl and all set to normal.

You could also use Kirby’s Remote class, which is a wrapper around cUrl…

1 Like

I’m getting the same error in a user register process.
After users Sign Up, they are redirected to the site using a token and sometimes this read-only session error appears. Any Ideas? Thanks in advance

Here is the code for that route, (I think I adapted this from Kirby Userkit)

 // Reset password after signup
        'pattern' => 'token/([a-f0-9]{32})',
        'action'  => function ($token) {
            $kirby   = kirby();
            if ($user = $kirby->user()) {

            if ($user = $kirby->users()->findBy('token', $token)) {
                    'token'    => '',
                    'password' => $user->changePassword($token),
                if ($user->login($token)) {
                } else {
            } else {

Could you please explain it more… because I still have errors periodically with session lock

My code is right now:
In my custom helper:
// Function to get user ipdata by IP address

 function geo_data() {
    	$ip_addr  = get_client_ip();
    	$kirby = kirby();
    	$api_key = site()->geo_api_key();
    	$session = $kirby->session();
    	$session_name= 'tmp.ip'.$ip_addr;
    	if ($session->get($session_name) && !@$_GET['s']==1) {
    		$geo_data = $session->get($session_name);
    	} else {
    		$data = @json_decode(file_get_contents(''.$ip_addr.'?api-key='.$api_key.''));
    		$session->set($session_name, $data);
    		$geo_data 	= $session->get($session_name);
    	return $geo_data;

And In my controller:
return function($site, $pages, $page, $kirby) {

  $geo_data 	= geo_data();
  if(@$geo_data->country_name === null or @$geo_data->flag === null) {
	  $geo_country = 'United States';
	  $geo_flag = '';
  } else {
  $geo_country 	= @$geo_data->country_name;
  $geo_flag		= @$geo_data->flag;	  

  return compact('geo_flag', 'geo_country');


Didn’t you write above that the issue was caused by file_get_contents()?

Yes, but now I’m using different ip service and this issue shooting in strange way, I can’t reproduce this bug.

That’s why I’m asking to help in how can I change this code with $remote

The syntax is

$response = Remote::get($url);

Do you mean to do something like that?

$request = Remote::get(''.$ip_addr.'?api-key='.$api_key.'');
        if ($request->code() === 200) {
            $data = $request->json(false);

Yes, does it not work?

It works, but I don’t know if it helps me with this problem. Need some time to check it.

For my taste, you use error suppression too excessively instead of properly checking for valid data and catching error in try/catch statements.

As I see the Kirby is written 2 sessions, that is why I think could be error

Is there any way to add $data to one session?