ChaseB Posted July 11, 2013 Share Posted July 11, 2013 Hey Everyone, Before I get to the issue, thought I'd say hi. I've been using processwire for about a year now for a bunch of small web projects but haven't made a forum account yet. I've really had a great time using it. So far I haven't had any issues that haven't been solved by reading the API or going through the forums. However, it seems that time has finally come. Basically, I keep getting logged out of PW admin. There doesn't seem to be too much of a pattern governing after what amount of time it happens unfortunately. Sometimes 30seconds, sometimes 3 minutes. Today, I was getting logged out everytime I clicked a link on the admin page (any edit, new, save, etc). I saw this forum post: http://processwire.com/talk/topic/2723-strange-loading-and-logout-issues-in-the-admin/?hl=logout and followed what was done there. However, that hasn't really fixed any of my issues. There hasn't been anything in the error log (not that I really expected there to be). For all I know, this could be something on my end. I'm using the newest version of firefox for what it's worth. Any thoughts on the matter would be appreciated, I'll really try anything anyone things might work. Thanks! -Chase 1 Link to comment Share on other sites More sharing options...
WillyC Posted July 11, 2013 Share Posted July 11, 2013 whut. u have in /site/assets/logs/errors.txt ? /site/config.php u set $config->sessionFingerprint=false ? what.say it for $config->sessionExpireSeconds ? u have session.db module install or uses defalt sessionions ? u look.in <?php phpinfo(); what say.it for session.cache_expire session.gc_divisor session.gc_maxlifetime session.gc_probability session.save_handler session.referer_check u chealk session dir uses writeable /site/assets/sessions/ ? 2 Link to comment Share on other sites More sharing options...
ChaseB Posted July 11, 2013 Author Share Posted July 11, 2013 I hadn't noticed the expireSeconds part of config.php before. I'll set that higher, should hopefully help. Thanks! Link to comment Share on other sites More sharing options...
ryan Posted July 12, 2013 Share Posted July 12, 2013 I hadn't noticed the expireSeconds part of config.php before. I'll set that higher, should hopefully help. Thanks! Unless you had previously modified this, I doubt that's it. The default setting of 86400 is 1 day, and that's not going to cause you to get logged out every 30 seconds or 3 minutes, etc. I am wondering more about the gc_divisor and gc_probability settings that WillyC posted about, as that has more potential to answer the apparent randomness and short active sessions that you've described. 2 Link to comment Share on other sites More sharing options...
teppo Posted July 12, 2013 Share Posted July 12, 2013 Our clients have reported identical problems a few times. After clearing browser history things have returned to normal. This is probably unrelated, just wanted to point out that the issue may not be site-related at all.. 3 Link to comment Share on other sites More sharing options...
opalepatrick Posted November 19, 2014 Share Posted November 19, 2014 I just cleared browser history after having a similar problem. Now working fine. Thanks Teppo. Yeah, I know thread is old Link to comment Share on other sites More sharing options...
dotnetic Posted January 29, 2015 Share Posted January 29, 2015 I had the same problems with fresh install of ProcessWire 2.5.3 on a local webserver (Win 8.1 WAMPSERVER). After clearing the browser history no more logouts. Link to comment Share on other sites More sharing options...
Mobiletrooper Posted December 9, 2015 Share Posted December 9, 2015 We discovered a similar problems while debugging our page using Chrome Developer Tools.When you enter the mobile inspector, your user agent changes. If you then happen to use the ProcessWire Backend WITHOUT the mobile inspector, you'll get logged out.I followed the session tracelog and noticed that the fingerprint changed and thats why I got logged out.The fingerprint is dynamically created using a md5 hash with the request user agent & request_ip. Since the user agent changes in mobile inspector, your session fingerprint will be different and therefore processwire logs you out.Took me while to figure this out. Hope this helps others. 5 Link to comment Share on other sites More sharing options...
kongondo Posted December 9, 2015 Share Posted December 9, 2015 (edited) @Mobiletrooper, I think you are right on the money . Been experiencing this a lot lately in Chrome Edit: Welcome to the forums Edited December 9, 2015 by kongondo 1 Link to comment Share on other sites More sharing options...
dotnetic Posted December 10, 2015 Share Posted December 10, 2015 To prevent being logged out when dev-tools is open add: $config->sessionFingerprint = 2; in your site/config.php (my PW version = 2.7) No more logouts. Problem solved. EDIT: Modified the instructions as teppo pointed out. 1 Link to comment Share on other sites More sharing options...
teppo Posted December 10, 2015 Share Posted December 10, 2015 @jmartsch, two notes about that: Session fingerprint is a security feature, and should only be disabled when absolutely necessary. In your case this might actually be the situation, pointing this out in case someone else reads this It's never a good idea to modify anything in the wire directory – instead of that, copy the directive to /site/config.php and change it's value there. 4 Link to comment Share on other sites More sharing options...
dotnetic Posted December 10, 2015 Share Posted December 10, 2015 @teppo You´re right. Thanks for pointing this out. So I added $config->sessionFingerprint = 2; to site/config.php. Option 2 Fingerprints only the remote IP and not the user-agent 1 Link to comment Share on other sites More sharing options...
Jules Vau Posted July 9, 2018 Share Posted July 9, 2018 On 12/10/2015 at 12:48 PM, teppo said: 1. It's never a good idea to modify anything in the wire directory – instead of that, copy the directive to /site/config.php and change it's value there. Hello, So we don't need to change anything in wire/config.php? We keep the default value below: $config->sessionFingerprint = 1; That's right? Link to comment Share on other sites More sharing options...
dotnetic Posted July 9, 2018 Share Posted July 9, 2018 @Jules Vau Yes, thats correct. The setting in site/config.php overwrites the one in the wire directory. 2 1 Link to comment Share on other sites More sharing options...
Marco Ro Posted February 13, 2019 Share Posted February 13, 2019 Hi guys, sorry I don't have understood well how works the fingerprint. I have the same issue because our IP address cloud change during the session, so I have to change the setting. But I'm not sure which option use. What exactly do the fingerprint? Link to comment Share on other sites More sharing options...
kongondo Posted February 13, 2019 Share Posted February 13, 2019 49 minutes ago, MarcoPLY said: Hi guys, sorry I don't have understood well how works the fingerprint. I have the same issue because our IP address cloud change during the session, so I have to change the setting. But I'm not sure which option use. What exactly do the fingerprint? https://processwire.com/api/ref/config/ Quote $config->sessionFingerprint bool Should login sessions be tied to IP and user agent? 0 or false: Fingerprint off. 1 or true: Fingerprint on with default/recommended setting (currently 10). 2: Fingerprint only the remote IP. 4: Fingerprint only the forwarded/client IP (can be spoofed). 8: Fingerprint only the useragent. 10: Fingerprint the remote IP and useragent (default). 12: Fingerprint the forwarded/client IP and useragent. 14: Fingerprint the remote IP, forwarded/client IP and useragent (all). 3 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now