No Code Attached Yet Information Required bug
rbuelund
8 Jun 2022

Steps to reproduce the issue

Use Chrome browser.
Login frontend with super user account
On a blog layout view with several articles, click edit on an article, and cancel
Do the same on another article
And so on

Expected result

No errors - you can edit the article

Actual result

403 You are not permitted to use that link to directly access that page (#250).
This happens more or less randomly

System information (as much as possible)

Joomla 4.1.4
PHP 7.4.29

Additional comments

I cannot seem to find a system in this error
I can also make it come in Firefox - but it seems to happen less often !??

Votes

# of Users Experiencing Issue
1/1
Average Importance Score
5.00

rbuelund - open - 8 Jun 2022
rbuelund - change - 8 Jun 2022
Labels Removed: ?
joomla-cms-bot - change - 8 Jun 2022
Labels Added: No Code Attached Yet
joomla-cms-bot - labeled - 8 Jun 2022
chmst - comment - 8 Jun 2022

Why did you link #250 ?

brianteeman - comment - 8 Jun 2022

@chmst that's part of the 403 error message and not a ref to a gh issue

rbuelund - comment - 8 Jun 2022

Yes that should not have been linked in my message. Think it happened automatically.

chmst - change - 10 Jun 2022
Priority: Critical → Medium
rbuelund - comment - 13 Jun 2022

Actually I also every once in a while experience this on Joomla 3 sites when trying to edit an article from a list view ?? Is this an old known bug ?

rbuelund - comment - 19 Jun 2022

Is there any input on this - I have users who are getting annoyed over this issue - and I do not know what to tell them ?


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/38010.

chmst - comment - 19 Jun 2022

I could not find any open issue like yours and cannot replicate it.

Maybe there is something which destroys session data on your system? .htaccess? Any extensions for security? Maybe your hoster can support you here by checking error logs.?

rbuelund - comment - 19 Jun 2022

I have only Admin tools installed on the site - have not changed the htaccess file for a long time, and I think the problem is quite new.

rbuelund - comment - 19 Jun 2022

Nothing useful in the error log - I can only see the 403 error in the access log.

chmst - comment - 20 Jun 2022

Could you deactivate Admin Tools?

sarahhayes103 - comment - 4 Aug 2022

I have experienced the same issue with Joomla 4 on several different servers, when using the edit button on the menu item in the admin area. It appears to be caused by the modal code and an escaped single-quote, which triggers mod security.

This is what Mod Security has recorded
Request: GET /administrator/index.php?option=com_content&view=article&layout=modal&tmpl=component&c031c1a6095d274fd4db831353fc1c01=1&task=article.edit&id=%27%2022%20%27
Action Description: Access denied with code 403 (phase 2).
Justification: String match "'" at ARGS:id.

DEFA-1785

SecRule REQUEST_METHOD "@rx ^GET$" "id:77140923,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Joomla Component Jreservation Blind SQLi Vulnerability||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_i360custom',tag:'joomla_plugin'"
SecRule REQUEST_FILENAME "@ENDSWITH /index.php" "chain,t:none,t:normalizePath"
SecRule ARGS:option "@Streq com_content" "chain,t:none"
SecRule ARGS:view "@Streq article" "chain,t:none"
SecRule ARGS:id "@contains '" "t:none"


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/38010.
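
Added example (not part of the comment above, and not Joomla or WAF vendor code): a simplified Python model of the chained rule quoted in that comment, run against the logged request, to show which link of the chain decides the 403. The function names are hypothetical, the operators are approximations of ModSecurity's, and `t:normalizePath` is not modelled.

```python
from urllib.parse import urlsplit, parse_qs

# Request line copied from the ModSecurity log quoted in the comment above.
LOGGED_REQUEST = ("/administrator/index.php?option=com_content&view=article"
                  "&layout=modal&tmpl=component"
                  "&c031c1a6095d274fd4db831353fc1c01=1"
                  "&task=article.edit&id=%27%2022%20%27")

# Constructed for comparison: the same request with a bare integer id.
CLEAN_REQUEST = LOGGED_REQUEST.replace("id=%27%2022%20%27", "id=22")


def decoded_id(uri):
    """Return ARGS:id as the WAF sees it, i.e. after URL decoding."""
    return parse_qs(urlsplit(uri).query).get("id", [""])[0]


def evaluate_chain(method, uri):
    """Model the five chained SecRule links (hypothetical helper).

    Returns (blocked, trace). A chain blocks only if every link matches,
    so evaluation stops at the first link that does not.
    """
    parts = urlsplit(uri)
    args = {k: v[0] for k, v in
            parse_qs(parts.query, keep_blank_values=True).items()}
    links = [
        ("REQUEST_METHOD @rx ^GET$", method == "GET"),
        ("REQUEST_FILENAME @endsWith /index.php",
         parts.path.endswith("/index.php")),
        ("ARGS:option @streq com_content", args.get("option") == "com_content"),
        ("ARGS:view @streq article", args.get("view") == "article"),
        ("ARGS:id @contains '", "'" in args.get("id", "")),
    ]
    trace = []
    for name, matched in links:
        trace.append((name, matched))
        if not matched:
            return False, trace
    return True, trace


if __name__ == "__main__":
    for label, uri in (("logged", LOGGED_REQUEST), ("clean", CLEAN_REQUEST)):
        blocked, trace = evaluate_chain("GET", uri)
        print(label, "id =", repr(decoded_id(uri)), "blocked =", blocked)
        for name, matched in trace:
            print("   ", "match" if matched else "no match", "-", name)
```

The first four links match any GET to the article view of `com_content`, so the decision rests entirely on the quote character in `id`; the same request with an integer-only `id` passes.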

chmst - change - 17 Feb 2023
Labels Added: bug
chmst - labeled - 17 Feb 2023
RustyR - comment - 22 Feb 2023

I'm having the same error trying to use the edit link to (some) users in "Users" -> "Manage". Even not able to edit my own superuser account via this path. Strangely when using "User menu" -> "Edit Account" I will be able to edit the superuser account.

Someone knows what to do about it?

joomdonation - comment - 22 Feb 2023

@RustyR Usually, it happens when :

  • Someone else tried to edit the user account before. But they left the edit screen without saving changes or without clicking on the Cancel/Close button. In this case, the record remains checked out and you will have to check it in first before editing
  • Or you use the wrong link to edit the account. The right link is in this format index.php?option=com_users&task=user.edit&id=415 (it does several technical things here) before redirecting you to the edit screen with this kind of URL index.php?option=com_users&view=user&layout=edit&id=415 . So if you use the wrong link to edit like this index.php?option=com_users&view=user&layout=edit&id=415, Joomla knows that you do not go with the right route and it will display that error.

Those are the two possible cases (beside session timeout) I can think about this error.
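
Added example (not part of the comment above and not Joomla's own code): a toy Python model of the two-step edit flow described there, in which the `task=...edit` request records the id in the session and the `layout=edit` view refuses any id not recorded. Class and method names are hypothetical, and releasing the hold on Cancel/Close is an assumption of the model.

```python
class EditGuard:
    """Toy model of a session-backed 'edit id' check (names hypothetical)."""

    MESSAGE = ("You are not permitted to use that link to directly "
               "access that page (#%d).")

    def __init__(self):
        self.sessions = {}  # session id -> set of record ids held for editing

    def task_edit(self, sid, record_id):
        # Step 1 (task=user.edit): hold the id, then redirect to the edit view.
        self.sessions.setdefault(sid, set()).add(record_id)
        return ("index.php?option=com_users&view=user&layout=edit&id=%d"
                % record_id)

    def view_edit(self, sid, record_id):
        # Step 2 (view=user&layout=edit): only ids held in this session pass.
        if record_id in self.sessions.get(sid, set()):
            return 200, "edit form"
        return 403, self.MESSAGE % record_id

    def close(self, sid, record_id):
        # Assumption: Cancel/Close releases the hold for this record.
        self.sessions.get(sid, set()).discard(record_id)

    def drop_session(self, sid):
        # Session data lost between the two requests (timeout, handler fault).
        self.sessions.pop(sid, None)


def scenarios():
    """Run the cases raised in the thread and return their outcomes."""
    guard, out = EditGuard(), {}
    guard.task_edit("s1", 415)
    out["task_then_view"] = guard.view_edit("s1", 415)[0]
    out["direct_view"] = guard.view_edit("s2", 415)[0]
    guard.task_edit("s3", 415)
    guard.drop_session("s3")
    out["session_lost"] = guard.view_edit("s3", 415)[0]
    guard.task_edit("s4", 250)
    guard.close("s4", 250)
    out["after_cancel"] = guard.view_edit("s4", 250)
    return out


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, "->", result)
```

In this model a lost session and a directly opened edit URL are indistinguishable at the view step, which is why both surface as the same 403.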

RustyR - comment - 22 Feb 2023

@joomdonation:

  • I'm the only one who did edit the user account(s) and after a global checkin still not able to use the edit link.
  • The link is in this format: index.php?option=com_users&task=user.edit&id=415

Also strange that I can edit 1 out of 3 users??

joomdonation - comment - 23 Feb 2023

@RustyR From a technical point of view, it seems the code which stores/retrieves data to/from session is not working properly on your site for some reason. Without checking it directly on your site to see the error, it's hard to say why it is not working

Since it relates to session, you might want to go to System -> Global configuration, look at System tab, change Session Handler to use a different option (compare to the current one) to see if it addresses the issue. If not, I guess you will have a developer to check it directly on your site to figure out what's wrong and get it sorted

Here we can only check and fix the issue if there is a reliable way to reproduce it on a fresh Joomla installation.

RustyR - comment - 24 Feb 2023

@joomdonation Thanks very much for taking the time to look into this matter. After letting it go for 24 hours the problems are gone. I think it was cache related (if that's possible with handling sessions). Thanks again and have a nice day!!

joomdonation - comment - 24 Feb 2023

@RustyR Strange but happy to hear that it is gone :). Thanks for the update !

Hackwar - comment - 24 Mar 2024

@rbuelund are you still encountering these issues? Or did you find a solution in the meantime?

Hackwar - change - 24 Mar 2024
Labels Added: Information Required
Hackwar - labeled - 24 Mar 2024
rbuelund - comment - 24 Mar 2024

I have not encountered the problem for a while now - so maybe it has vanished :-) ?

Quy - change - 24 Mar 2024
Status: New → Closed
Closed_Date: 0000-00-00 00:00:00 → 2024-03-24 23:45:27
Closed_By: Quy
Quy - close - 24 Mar 2024
Quy - comment - 24 Mar 2024

Closing for now. Thanks for reporting back.
