Content Editors Logged Out

[sharpenator]

Hi

A couple of my content editors seem to have an issue I've not seen before.

When they're working full pelt at editing stuff, sometimes they hit "save" in the processwire CMS and it throws them out instantly and they lose their changes. They are then asked to log in again. I thought this might be session related so I've set sessionExpireSeconds to a whole day (86400), sessionChallenge to false, and sessionFingerprint to false too.

One editor in particular sees this issue at least a couple of times a day, and it normally happens around the same time of day too, which is 5:30-6:00pm UK time, so towards the end of his working day.

Anyone else seen this or got any tips to try and prevent this?

Thanks

S

[teppo]

Could be related to session fingerprinting, which is tied to IP address, so if that suddenly changes it might cause issues; you can try turning this off via /site/config.php. Just note that it's a security feature and you don't want to turn it off unless you really have to..

This thread contains couple of other things you could try.

[Soma]

@teppo he obviously said he turned that off.

[sharpenator]

Cool thanks. That thread was helpful - I'll instruct them to remove cookies relating to the site and see if a cookie conflict might have been at fault, perhaps left over from a previous version.

S

[teppo]

@teppo he obviously said he turned that off.

That's what you get for answering in haste

[sharpenator]

OK - cookies all removed and this is still happening.

Is there anywhere I can look like a log that might show the error that forces the throw-out?

Thanks

S

[sharpenator]

Some more on this

- is there a way I can tell which reason the user was logged out, e.g. if it thinks the session time has expired vs other reasons?

- it seems to happen more when someone is making lots of little edits

- should it matter that editors are using multiple tabs and copy content between each one?

Also of note:

We are using an in-house module that saves the collapsed states of the page hierarchy into the session variable - i.e. helps the editors by remembering which fields were collapsed for next time, so they don't have to go in and out of a big hierarchy each time they make and edit

- could this be the culprit here?

- it uses ajax to save the "fold status" on the fly to the session while editing, using the page id

- could there be an issues if the session is malformed or being access in a bad / insecure way?

Cheers

S

[sharpenator]

And one more final thought. Some of our pages are very big and have many fields. Could this log out occur due to PHP max_input_vars limit being reached?

[Soma]

Maybe session is filled and there's a problem cause it's not unlimited.

Yes there's a input var limit.

Maybe also there's some security mod on server that causes issues.

Doesn't look like PW is the issue.

[sharpenator]

OK - thanks
Any advice on error logs where I can try and pick up what's causing it to bomb out?

[Soma]

Not sure about logs. There's seems to be no error happening, it just logs you out (?) Which is not triggered by PW it seems, so maybe your server php, apache logs help?

[sharpenator]

Yeah - It just logs out, hence why I think it's probably a session fail rather than anything more server-related.

[Soma]

Since you turned of all session tests, I'm not sure.

If there is a session issue, you won't be able to debug much via PW, A hook into "Session::isValidSession" would give you true or false, so still no idea why session is not valid, if it is that at all.