Jump to content

Keep getting logged out, regardless of settings


Goca
 Share

Recommended Posts

Hi there,

I am using ProcessWire version 3.0.165, and I keep getting randomly logged out within an hour (sometimes less than an hour) of inactivity. I've tried the recommendations in this forum post (including fully disabling fingerprinting with a value of 0 and false), to no avail:

 I am using CloudFlare on the site, and I have disabled fingerprinting to see if that was the issue, but unfortunately it hasn't helped. These are my current session config settings in site/config.php:

$config->sessionName = 'custom';
$config->sessionFingerprint = 0;
$config->sessionForceIP = $_SERVER['HTTP_X_FORWARDED_FOR'];
$config->sessionExpireSeconds = 86400;

I've also checked the "session" logs on the backend, and don't see any entries other than my logins.

We're building a quizzing system for students and really don't want them to be automatically logged out so often, so any help would be appreciated!

Thanks!

Link to comment
Share on other sites

Does this happen on a specific device? I’m aware of a similar problem with iOS/mobile Safari. ProcessWire doesn’t set an expiration date on its session cookie, which, as I understand it, technically advises browsers to throw the cookie away at the end of the browsing session, ie. when you close the browser. I’ve never seen a desktop browser actually do this, but mobile stuff operating systems are traditionally more conservative with that stuff and zealously clean up after themselves. Try putting this in your config.php:

ini_set('session.cookie_lifetime', 31556926); //1 year lol

Now, that’s a whole-ass year, after which your desktop sessions, which would otherwise have continued indefinitely, will probably terminate. I’ve been meaning to submit a real fix, which would involve extending the cookie every time the user is active, but this is what I live with right now.

I’m also surprised no one else has ever mentioned this, given the prevalence of mobile browsing. Maybe it’s just a problem with my setup.

Link to comment
Share on other sites

On 1/20/2022 at 7:49 AM, Jan Romero said:

Does this happen on a specific device? I’m aware of a similar problem with iOS/mobile Safari. ProcessWire doesn’t set an expiration date on its session cookie, which, as I understand it, technically advises browsers to throw the cookie away at the end of the browsing session, ie. when you close the browser. I’ve never seen a desktop browser actually do this, but mobile stuff operating systems are traditionally more conservative with that stuff and zealously clean up after themselves. Try putting this in your config.php:

ini_set('session.cookie_lifetime', 31556926); //1 year lol

Now, that’s a whole-ass year, after which your desktop sessions, which would otherwise have continued indefinitely, will probably terminate. I’ve been meaning to submit a real fix, which would involve extending the cookie every time the user is active, but this is what I live with right now.

I’m also surprised no one else has ever mentioned this, given the prevalence of mobile browsing. Maybe it’s just a problem with my setup.

@Jan Romero We're still heavy in the development stage of the site, so I actually haven't even tested on mobile yet. Right now I'm working on a desktop with Google Chrome version 97.x

Also I should clarify that this happens when I refresh the page after about an hour of inactivity, not when closing the browser. I'll try that line of code in config.php just in case though, any chance of fixing it would be great, haha.

 

On 1/20/2022 at 10:08 AM, Klenkes said:

I have a client who fights with his logouts as well. I am almost sure(98%) his Avira Antivir deletes or blocks something during his session.

Interesting... I've had this happen on both a desktop and a laptop that run separate antivirus softwares, so I don't think this is the problem in my case, but I'll add this to the list of things to test to try and fix the issue, lol.

 

5 hours ago, Guy Incognito said:

@Goca Are you using a cookie consent management tool by any chance? This potentially could mess with Processwire's cookies if not configured correctly.

Nope. We're still very early in the stages of development, mostly vanilla ProcessWire other than a few custom modules to start organizing helpful functions, and creating data structures with page templates.

Link to comment
Share on other sites

  • 2 weeks later...
On 1/22/2022 at 11:22 AM, Markus Thomas said:

I even use Cloudflare on the most of my sites and had the same issues.

Since i use

$config->sessionFingerprint=false;

everything works fine.

Maybe you have to use false instead of 0?

Good suggestion, but unfortunately it doesn't seem to have fixed the issue. Still trying to find a solution, but haven't had any luck yet.

Link to comment
Share on other sites

I had a problem with a site that was migrated to CPanel by the host, after which the front end worked but I couldn't log in at all (CSRF messages). This turned out to be due to the new setup using Memcached for the session storage. Fixed by updating php.ini; extract from the support ticket:

I resolved the issue with form submissions and admin login by
      updating the php.ini file in the root of the site. I commented out
      the session.save settings:

[Session];;;session.save_handler = memcached
;;;session.save_path = 10.169.0.130

 

Link to comment
Share on other sites

8 hours ago, kp52 said:

I had a problem with a site that was migrated to CPanel by the host, after which the front end worked but I couldn't log in at all (CSRF messages). This turned out to be due to the new setup using Memcached for the session storage. Fixed by updating php.ini; extract from the support ticket:

I resolved the issue with form submissions and admin login by
      updating the php.ini file in the root of the site. I commented out
      the session.save settings:

[Session];;;session.save_handler = memcached
;;;session.save_path = 10.169.0.130

 

This is good to know! I'm going to contact our host and see if this could be the issue, or perhaps even something else on the server that could be making fingerprint settings and session expiration settings ineffective. Will update once I find out more.

Link to comment
Share on other sites

  • 2 weeks later...

Seems like installing the SessionHandlerDB module has fixed the problem for me, so that sessions are saved in the DB rather than the file system. Now it seems like the only time I get logged out is when I close my browser.

  • Like 1
Link to comment
Share on other sites

10 hours ago, GKM490 said:

Seems like installing the SessionHandlerDB module has fixed the problem, so that sessions are saved in the DB rather than the file system

Good idea. I try that as well for my client.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...