Could not find rendering mount id on request session

I’ve been running HippoCMS locally for over a year, and we have it in various server environments, including production, too. Currently on 12.3.0. Suddenly, possibly because of something I have changed but cannot identity and fix, I’ve been unable to view any of my channels in the Channel Manager locally. On the server it is working as expected. I’m hoping this is an obvious mistake on my side that someone is able to point out.

All my channels are listed correctly, but selecting any of them displays a “Forbidden” page, as well as momentarily popping up two messages in the top right corner, “Failed to enter Edit mode” and “Failed to retrieve the sitemap for the current channel”

The log shows two warnings that could be of value:

[INFO] [talledLocalContainer] 04.06.2019 06:25:21 WARN http-nio-8080-exec-2 [CmsSecurityValve.invoke:112] Invalid request to redirect for authentication because request method is 'POST' and only 'GET' or 'HEAD' are allowed [INFO] [talledLocalContainer] 04.06.2019 06:25:22 WARN http-nio-8080-exec-8 [AbstractConfigResource.logAndReturnServerError:183] java.lang.IllegalStateException: Could not find rendering mount id on request session.

I see two failed network requests in my browser while trying to access a channel:


The browser console displays many errors, mostly related to values being ‘undefined’ after the failed network requests.

I’m logged in with the default admin user (admin:everywhere, readwrite:defaultwrite, editor:hippodocuments). Other more restricted users give the same result.

I have searched this site and Google for these messages, but found no result. While none of the issues seemed exactly the same I also tried many of the solutions on the Channel Manager Troubleshooting [1] page.

“Could not find rendering mount id on request session.” seems to be the most relevant issue, but I have no idea what is causing it or how to fix it.

Does anyone have any idea what is going on here? Any more info I can provide that’ll help?


I have not yet found a solution to this. Has anyone encountered and was able to solve the same issue?

not sure about the root cause of your issue, but maybe there could be some inconsistencies between the HST “published” configuration and the HST “preview” configuration.

You can try to remove this inconsistency by deleting the preview node, but be careful since this action will delete all your pending/unpublished changes done via the channel manager.

If you login to the cms/console, under your HST configuration node you can see the “preview” node: it’s greyed out node, with a “-preview” suffix. You can try delete this node (actually you can download a local copy first).

After the deletion, you can go back to the CMS application and open the channel manager again: while clicking on a specific channel, HST will clone the HST “published” configuration into a new “-preview” node. This means that both the configurations will be aligned, having the same starting point.

1 Like

In my case this is a fresh checked-out branch, so the channel preview has not yet been created. The project was built with clean verify and content repository deleted before running.

Another thing I see happening on my local is that the XHR call being made directly before the first one that fails with an authentication error, when accessing the Channel, is setting a secure session cookie. On local I’m running on http, which will not have access to the secure cookie, thus the session possibly isn’t properly authenticated.

Any ideas? Is this a setting somewhere on console?

I checked my web.xml for the cms module, and that does not seem to have anything that’ll set a secure cookie. We have a setting in there for our server environments that run on https, but leaving that in there on localhost makes the whole CMS inaccessible. In this instance it is just on some XHR calls in Channel Manager. The rest of the CMS works as expected.

I see all XHR calls have secure response JSESSIONID cookies, different on every response?

Hi Andre,
as you correctly pointed out, probably you have authentication issues while the CMS is trying to display the channel manager.

IIRC, while the CMS is displaying the channel manager, a CMSSecurityValve is used to check if the related HTTP call is invoked from a CMS context [1]. In case this is true, the related JCR session is “increased” in order to access to the preview nodes.

Maybe something goes wrong while the valve is trying to obtain a CMS preview session. You could try to debug this valve in order to understand what’s happening.



1 Like

Problem solved.

This was caused by the following that was added to the site module web.xml, which works on our servers that run on https, but not locally.:


Removing that block entirely fixed my problem.