Answered Your session has expired. Please proceed to login again.

I've recently started to get this error message from my Manager and I would really appreciate some help because I tried everything I could and read but nothing helped.
After I log in, the dashboard starts to load. The left side with the resource tree never loads, but the right side is displayed (which contains the blocks 'Configuration Check', 'Who's Online', etc.). Then I immediately get a pop-up with 'Your session has expired. Please proceed to login again.' I guess, it is triggered by the 'Recently Edited Resources' block, which tries to display the list of resources but instead only displays a box with 'Loading...' and a spinning wheel.
I checked the HTTP requests with Firebug and I see that there is a request to and the JSON result from the server is
If in the pop-up I click on 'Logout' it doesn't work. It just displays the same incomplete dashboard again and the pop-up comes up again immediately.
If I enter my credentials into the pop-up I get a 'Session extended!' message at the top-right.
If then I select a menuitem from the top (for example Content -> New Resource) I get an incomplete dashboard again, but this time only the top menu bar is displayed with a blank white area beneath. This happens with most of the menuitems I've tried.
Could someone walk me through the troubleshooting of this issue? I've already tried many things, but I'm out of ideas and I'm not an expert enough in ModX internals to dig deeper.
Some further info which might be useful: I'm using Modx 2.4.1-pl. I'm using friendly urls. My 'session_cookie_lifetime' is 604800, 'session_cookie_path' is '/', 'session_cookie_domain' is empty. My current .htaccess file is the same as the factory ht.access file, except I added some mod_deflate and mod_expires settings at the end.

That suggests that the current user doesn't have permission to see one or more of the recently edited resources. If temporarily making the user a sudo user solves it, it's definitely a permission issue.

Another possibility is that the domain is changing in the course of the request, usually because the user is moved from a www domain to a non-www domain. The fix for that is to uncomment the part of .htaccess that forces either www or non-www URLs (but not both).

It could also be a problem with contexts if you have multiple front-end contexts.

Hi,
Thank you for your suggestions.
* Since I could not use the manager I went directly into the users table and changed the 'sudo' field for my user from 0 to 1. Then with an FTP client I deleted everything from the core/cache folder because I wasn't sure whether the users table is cached. I also deleted all domain, path and session cookies in Firefox. Unfortunately, this did not fix the problem. Everything behaved like before.
* I'm using a non-www domain, so I uncommented that part of .htaccess so it looks like this:

I cleared all cookies again and the whole cache folder. This did not help, either.
* Just for the sake of completeness I uncommented the second part (by putting back the comment on the first) so it looked like this:

Again, I cleared all cookies and the whole cache folder. I got an error in Firefox that 'the page is not redirected properly. The server redirects your request in a way that will never be fulfilled'.

Do you perhaps have any other suggestion?

Another question is, if I have the www and non-www redirection problem, and I inspect all HTTP requests with Firebug during logon, should I be able to see a www domain in one request and a non-www in another? I'm asking because I checked this and for all requests I see the non-www domain.

However, there is one interesting thing I can see in Firebug. After I click on the login button on the initial login screen a POST request is made to 'http://mydomain.de/manager/'. This contains my username and password in the POST data and the returnUrl parameter with the value '/manager/'. The server returns with response 302 (Moved Temporarily) and the Location in the response is 'http://mydomain.de/manager' (final slash is missing!). The response also contains my PHPSESSID cookie with the same value which is stored in my session table, and it is for my non-www domain.
After this, Firefox sends a GET request to 'http://mydomain.de/manager' sending my PHPSESSID cookie. This time it gets a 301 (Moved Permanently) response with the Location 'http://mydomain.de/manager/' (final slash is there, again!). After the request to 'http://mydomain.de/manager/' it finally gets a 200 (OK) response and the HTML code of the manager page.
Is this normal that first I'm redirected to a page without slash and then back to a page with slash?

It's a good question. I'd like to know myself.