SuiteCRM troubles could be caused by non-default session.name

SuiteCRM is a popular Open Source CRM platform. It uses PHP at its core for backend (server side) tasks. Given the flexibility of Apache and Nginx as web servers, and the number of ways PHP can be configured, it’s easy to run into trouble, as I did.

If you are experiencing issues with 403 (“Forbidden” or “Access denied”) errors with SuiteCRM, in particular for URLs beginning with /api/graphql, there are a couple of things you could check:

1. The session name

SuiteCRM, up to at least version 8.4.0 makes assumptions about the PHP session name. The default setting is PHPSESSID. I have always changed this for all instances of PHP I have configured, and I typically change it for every PHP-FPM pool as well.

Make sure the PHP setting session.name is configured as "PHPSESSID" (sans quotes)

2. The rewrite base

If you’re using Apache for your SuiteCRM environment, make sure you check the RewriteBase directive located in the .htaccess file in the public/legacy folder of your SuiteCRM installation. For most normal situations, this should be /legacy/ and nothing else.

 

 

(Image courtesy of unDraw)

Leave a Comment

Notify me of followup comments via e-mail. You can also subscribe without commenting.

This site uses Akismet to reduce spam. Learn how your comment data is processed.