Jump to content

2.2.3 issue


Marty Walker
 Share

Recommended Posts

Hi,

I'm running PW version 2.2.3 (upgraded from 2.2.2 on a live site) and for some reason I automatically get logged out after a few seconds or if I'm navigating between Pages and Setup for example. I've reset my cache and cleared as much cruft out of both Firefox and Chrome (OSX) as I can and I still have the same problem. Any thoughts?

Regards

Marty

Link to comment
Share on other sites

I never quite got Cloudflare working properly - it worked, but it was blocking legitimate users and caused me issues in PW admin so I quickly turned it off.

I think if I approach CloudFlare again I'll definitely do a lot more testing first to try and smooth out the kinks!

Link to comment
Share on other sites

This is the first time I've had an issue with CloudFlare. i don't have any problems with the Admin on another PW site I'm running (mine) so I thought there maybe it might be something specific to 2.2.3. No big deal. CF is nice to have but it's no big deal to go without. :)

Link to comment
Share on other sites

To be honest it might just have been server incompatibility in my case, but it was blocking legitimate users too and it was a reasonably wavy traffic site with users from across the globe so when some legit users were being flagged and I didn't have time to look into it further it was easier to turn it off.

I will definitely revisit it in future as the concept is amazing and the price is great (free).

Link to comment
Share on other sites

Martin: there are some new security stuff in PW, at least CSRF protection, which might cause this issue with CloudFlare.

If you would want to test this you can turn it off in your config.php

/**
* protectCSRF: enables CSRF (cross site request forgery) protection on all PW forms,
* recommended for improved security.
*
*/
$config->protectCSRF = false;
  • Like 1
Link to comment
Share on other sites

You could also try turning of session fingerprinting from your /site/config.php. Fingerprinting keeps track of your IP and HTTP user agent, and destroys the session if either changes. That sounds like what's happening to you.

/**
* sessionFingerprint: should login sessions be tied to IP and user agent? 
*
* More secure, but will conflict with dynamic IPs. 
*
*/
$config->sessionFingerprint = true; // change to false
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...