Jump to content

Frequent Logout Issues


ChaseB
 Share

Recommended Posts

Hey Everyone,

Before I get to the issue, thought I'd say hi. I've been using processwire for about a year now for a bunch of small web projects but haven't made a forum account yet. I've really had a great time using it. So far I haven't had any issues that haven't been solved by reading the API or going through the forums. However, it seems that time has finally come.

Basically, I keep getting logged out of PW admin. There doesn't seem to be too much of a pattern governing after what amount of time it happens unfortunately. Sometimes 30seconds, sometimes 3 minutes. Today, I was getting logged out everytime I clicked a link on the admin page (any edit, new, save, etc).

I saw this forum post: http://processwire.com/talk/topic/2723-strange-loading-and-logout-issues-in-the-admin/?hl=logout

and followed what was done there. However, that hasn't really fixed any of my issues.

There hasn't been anything in the error log (not that I really expected there to be).

For all I know, this could be something on my end. I'm using the newest version of firefox for what it's worth.

Any thoughts on the matter would be appreciated, I'll really try anything anyone things might work.

Thanks!

-Chase

  • Like 1
Link to comment
Share on other sites

whut. u have in /site/assets/logs/errors.txt ? 

/site/config.php u set

$config->sessionFingerprint=false ?

what.say it for $config->sessionExpireSeconds ?

u have session.db module install or uses defalt sessionions ?

u look.in <?php phpinfo(); what say.it for

session.cache_expire
session.gc_divisor
session.gc_maxlifetime
session.gc_probability
session.save_handler
session.referer_check
u chealk session dir uses writeable /site/assets/sessions/ ?
  • Like 2
Link to comment
Share on other sites

I hadn't noticed the expireSeconds part of config.php before. I'll set that higher, should hopefully help. Thanks!

Unless you had previously modified this, I doubt that's it. The default setting of 86400 is 1 day, and that's not going to cause you to get logged out every 30 seconds or 3 minutes, etc. I am wondering more about the gc_divisor and gc_probability settings that WillyC posted about, as that has more potential to answer the apparent randomness and short active sessions that you've described. 

  • Like 2
Link to comment
Share on other sites

Our clients have reported identical problems a few times. After clearing browser history things have returned to normal.

This is probably unrelated, just wanted to point out that the issue may not be site-related at all.. :)

  • Like 3
Link to comment
Share on other sites

  • 1 year later...
  • 2 months later...
  • 10 months later...

We discovered a similar problems while debugging our page using Chrome Developer Tools.

When you enter the mobile inspector, your user agent changes. If you then happen to use the ProcessWire Backend WITHOUT the mobile inspector, you'll get logged out.
I followed the session tracelog and noticed that the fingerprint changed and thats why I got logged out.

The fingerprint is dynamically created using a md5 hash with the request user agent & request_ip. Since the user agent changes in mobile inspector, your session fingerprint will be different and therefore processwire logs you out.

Took me while to figure this out. Hope this helps others.

  • Like 5
Link to comment
Share on other sites

To prevent being logged out when dev-tools is open add:

$config->sessionFingerprint = 2;

in your site/config.php (my PW  version = 2.7)

No more logouts. Problem solved.

EDIT: Modified the instructions as teppo pointed out.

  • Like 1
Link to comment
Share on other sites

@jmartsch, two notes about that:

  1. Session fingerprint is a security feature, and should only be disabled when absolutely necessary. In your case this might actually be the situation, pointing this out in case someone else reads this :)
  2. It's never a good idea to modify anything in the wire directory – instead of that, copy the directive to /site/config.php and change it's value there.
  • Like 4
Link to comment
Share on other sites

  • 2 years later...
On 12/10/2015 at 12:48 PM, teppo said:

1. It's never a good idea to modify anything in the wire directory – instead of that, copy the directive to /site/config.php and change it's value there.

Hello,

So we don't need to change anything in wire/config.php? We keep the default value below:

$config->sessionFingerprint = 1;

That's right?

Link to comment
Share on other sites

  • 7 months later...

Hi guys, sorry I don't have understood well how works the fingerprint.

I have the same issue because our IP address cloud change during the session, so I have to change the setting. But I'm not sure which option use.

What exactly do the fingerprint?

Link to comment
Share on other sites

49 minutes ago, MarcoPLY said:

Hi guys, sorry I don't have understood well how works the fingerprint.

I have the same issue because our IP address cloud change during the session, so I have to change the setting. But I'm not sure which option use.

What exactly do the fingerprint?

https://processwire.com/api/ref/config/

 

Quote
$config->sessionFingerprint bool Should login sessions be tied to IP and user agent? 0 or false: Fingerprint off. 1 or true: Fingerprint on with default/recommended setting (currently 10). 2: Fingerprint only the remote IP. 4: Fingerprint only the forwarded/client IP (can be spoofed). 8: Fingerprint only the useragent. 10: Fingerprint the remote IP and useragent (default). 12: Fingerprint the forwarded/client IP and useragent. 14: Fingerprint the remote IP, forwarded/client IP and useragent (all).

 

  • Like 3
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...