XF 1.1 Keep logging out of XF with Chrome

[Andy.N]

I noticed this as well in ACP and my members told me about getting logged out of XF (beta 5) using Chrome browser.
I don't notice the problem with forum home since I have selected "Stay logged in" but when I log in the ACP, and under one minute, while I'm trying to perform some task, it pops up that I need to log in to do that.
This just happens in beta 4, 5 and I have the js/data folder loads from CDN.

Is there an option where we can select how long a member is logged in?

 

[Jake Bunce]

Who would benefit from this cacheSessions line?

Busy sites:

http://xenforo.com/community/threads/xenforo-1-1-0-beta-5-released.22910/#post-285422

 

[Mike]

If you want to use that line, make sure that you have enough space in your cache to store the session data, by increasing what you expose to APC or using something like memcache. (The problem with APC is that it uses the same space for user data and the opcode cache, so you can fill it up without realizing. There are some expiration configuration options that would help as well, but I don't believe they're set out of the box.)

 

[MrC]

Fixed the problem by increasing APC cache to 256M. Thanks Jake and Mike

 

[Kevin]

Fixed the problem by increasing APC cache to 256M. Thanks Jake and Mike

That just made a huge difference for me!

 

[craigiri]

Thanks for the info on the user sessions.....
I notice the time setting on the ACP user status maxes at 60 minutes. Is there a setting (0 or empty) while makes it unlimited?
In my old forums, folks are used to being always logged in - me too. For many years I have not had to login.

And, if so, hopefully this will not show them as a current visitor online? In other words, is there a relation there or are online users counted by a different metric?

 

[Jake Bunce]

Thanks for the info on the user sessions.....
I notice the time setting on the ACP user status maxes at 60 minutes. Is there a setting (0 or empty) while makes it unlimited?
In my old forums, folks are used to being always logged in - me too. For many years I have not had to login.

And, if so, hopefully this will not show them as a current visitor online? In other words, is there a relation there or are online users counted by a different metric?

Read this thread:

http://xenforo.com/community/threads/how-to-set-the-default-time-for-users-to-stay-logged-in.20019/

 

[Digital Doctor]

2) A problem with cookie scope due to inconsistent forum links. All internal links are consistent, but user-submitted links (e.g. in posts) and links from addons and other customizations may be inconsistent. For example, if you login to the forum with a URL that has "www" but then visit a link without "www" then the login cookie can go out of scope which causes the user to be logged out. It is important that all links and bookmarks are consistent. You can add a rewrite rule to your .htaccess file to enforce no www and thereby avoid the potential problem of inconsistent links:

I am having this on a xenforo site.
So far, I seem to be the only one on the site with the problem.
It occurs for me on 2 different PCs (one XP and one Vista) with both Chrome and Firefox on each.

Is there an explanation why it would be a user-specific problem ?

 

[Jake Bunce]

Is there an explanation why it would be a user-specific problem ?

User-specific would be #1 or #2:

http://xenforo.com/community/threads/keep-logging-out-of-xf-with-chrome.22968/#post-286837

It could also be a problem on your end such as a misbehaving router or some other such weirdness.

 

[Digital Doctor]

2 different PCs, 2 different networks (so less likely a router issue).
I'll try it on a Windows 7 PC.

I am tempted to clear my cookies and cache to see if that works.
I am going to see if it happens to other users.

Note: for Troubleshooting ... this thread also deals with the #2 issue.
http://xenforo.com/community/threads/members-getting-logged-out-when-they-open-new-tab.30719/

User-specific would be #1 or #2:

http://xenforo.com/community/threads/keep-logging-out-of-xf-with-chrome.22968/#post-286837

It could also be a problem on your end such as a misbehaving router or some other such weirdness.

The problem was found.

The www log out error is because Xenforo set the cookies to be linked to whatever site you logged into. Therefore if you logged into the site without www and go to www you'd be logged out. If you simply log back in on www and without www this issue is moot. Just login twice (and click the check box to remember yourself)

I noticed this as well in ACP and my members told me about getting logged out of XF (beta 5) using Chrome browser.Is there an option where we can select how long a member is logged in?

If your server is being a proxy like CloudFlare, are you sure the correct IP address is being exposed to the server via REMOTE_ADDR? (That of the user, not of the proxy.)

The www log out error is because Xenforo set the cookies to be linked to whatever site you logged into. Therefore if you logged into the site without www and go to www you'd be logged out. If you simply log back in on www and without www this issue is moot. Just login twice (and click the check box to remember yourself)

The reason why this was happening to me was discovered.

 

[tafreehm]

I'm gonna make a big post here for future reference:

_____

Some possible causes of users being logged out:

1) The user was idle for too long and was automatically logged out for inactivity. The timeout is set in your:

Admin CP -> Home -> Options -> User Options -> Online Status Timeout

You can increase the timeout or tell your users to check Stay logged in when they login.

2) A problem with cookie scope due to inconsistent forum links. All internal links are consistent, but user-submitted links (e.g. in posts) and links from addons and other customizations may be inconsistent. For example, if you login to the forum with a URL that has "www" but then visit a link without "www" then the login cookie can go out of scope which causes the user to be logged out. It is important that all links and bookmarks are consistent. You can add a rewrite rule to your .htaccess file to enforce no www and thereby avoid the potential problem of inconsistent links:

RewriteEngine On
 
RewriteCond %{HTTP_HOST} !^yoursite\.com$
RewriteRule ^(.*)$ http://yoursite.com/$1 [R=301,L]

If the forum and .htaccess file is in a subdirectory then you need to specify that in the rules:

RewriteEngine On
 
RewriteCond %{HTTP_HOST} !^yoursite\.com$
RewriteRule ^(.*)$ http://yoursite.com/forum/$1 [R=301,L]

If you are using XenForo's .htaccess file for friendly URLs then you can add the new rules like so:

# Mod_security can interfere with uploading of content such as attachments. If you
# cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
# SecFilterEngine Off
# SecFilterScanPOST Off
#</IfModule>
 
ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default
 
<IfModule mod_rewrite.c>
RewriteEngine On
 
RewriteCond %{HTTP_HOST} !^yoursite\.com$
RewriteRule ^(.*)$ http://yoursite.com/forum/$1 [R=301,L]
 
# If you are having problems with the rewrite rules, remove the "#" from the
# line that begins "RewriteBase" below. You will also have to change the path
# of the rewrite to reflect the path to your XenForo installation.
#RewriteBase /xenforo
 
# This line may be needed to enable WebDAV editing with PHP as a CGI.
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
 
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
</IfModule>

3) Your server is behind a proxy that is messing up reporting of the client IP address. You can visit this page in your Admin CP to check the IP reporting:

admin.php?tools/phpinfo

Search the page for "REMOTE_ADDR". It should show your correct external IP address. If the IP is incorrect or it changes between requests then you will have login problems. This kind of problem means everyone on your forum will be affected.

4) You are storing sessions in a memory cache such as APC and that cache is getting full or is having uptime problems. You need to ensure that your cache doesn't get full and is reliable. Otherwise you can disable session caching by removing this line from your library/config.php file (it is false by default or when unspecified):

$config['cache']['cacheSessions'] = true;

thank you soo much for this.
I m not really good at rewrite rules stuff.. and I wanted to make all non www urls to www so this is what I wrote.

RewriteCond %{HTTP_HOST} ^yoursite\.com$
 
RewriteRule ^(.*)$ http://www.yoursite.com/forum/$1 [R=301,L]

and it seems to be working fine. But I would like to confirm with you if that seems correct and make sense. I do not want this to cause any errors that might break other unseen things.

Thanks

 

[Jake Bunce]

That is correct.

 

[Myke623]

I'm having a similar issue whenever I use the ACP, while browsing from my workplace. When I go from link to link I will often have to re-login into the ACP. This problem doesn't occur elsewhere, and seems independent of browser (tested in IE and Chrome).

What might be causing this?

 

[Paul Thomson]

Hi Jake,

Thanks for providing the following re-write rules, I'm running NGINX, I don't suppose you have the re-write rules for that do you?

I'm currently experiencing problems with logging in (it seems only when I enable my developer tools and dont use browser cache can I log in, after which I'm constantly being logged out every few minutes), I'm using Incapsula though so think that maybe an issue, but if I cannot get resolved I might start a new thread.

Thanks,
Paul

I'm gonna make a big post here for future reference:

_____

Some possible causes of users being logged out:

1) The user was idle for too long and was automatically logged out for inactivity. The timeout is set in your:

Admin CP -> Home -> Options -> User Options -> Online Status Timeout

You can increase the timeout or tell your users to check Stay logged in when they login.

2) A problem with cookie scope due to inconsistent forum links. All internal links are consistent, but user-submitted links (e.g. in posts) and links from addons and other customizations may be inconsistent. For example, if you login to the forum with a URL that has "www" but then visit a link without "www" then the login cookie can go out of scope which causes the user to be logged out. It is important that all links and bookmarks are consistent. You can add a rewrite rule to your .htaccess file to enforce no www and thereby avoid the potential problem of inconsistent links:

RewriteEngine On
 
RewriteCond %{HTTP_HOST} !^yoursite\.com$
RewriteRule ^(.*)$ http://yoursite.com/$1 [R=301,L]

If the forum and .htaccess file is in a subdirectory then you need to specify that in the rules:

RewriteEngine On
 
RewriteCond %{HTTP_HOST} !^yoursite\.com$
RewriteRule ^(.*)$ http://yoursite.com/forum/$1 [R=301,L]

If you are using XenForo's .htaccess file for friendly URLs then you can add the new rules like so:

# Mod_security can interfere with uploading of content such as attachments. If you
# cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
# SecFilterEngine Off
# SecFilterScanPOST Off
#</IfModule>
 
ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default
 
<IfModule mod_rewrite.c>
RewriteEngine On
 
RewriteCond %{HTTP_HOST} !^yoursite\.com$
RewriteRule ^(.*)$ http://yoursite.com/forum/$1 [R=301,L]
 
# If you are having problems with the rewrite rules, remove the "#" from the
# line that begins "RewriteBase" below. You will also have to change the path
# of the rewrite to reflect the path to your XenForo installation.
#RewriteBase /xenforo
 
# This line may be needed to enable WebDAV editing with PHP as a CGI.
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
 
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
</IfModule>

3) Your server is behind a proxy that is messing up reporting of the client IP address. You can visit this page in your Admin CP to check the IP reporting:

admin.php?tools/phpinfo

Search the page for "REMOTE_ADDR". It should show your correct external IP address. If the IP is incorrect or it changes between requests then you will have login problems. This kind of problem means everyone on your forum will be affected.

4) You are storing sessions in a memory cache such as APC and that cache is getting full or is having uptime problems. You need to ensure that your cache doesn't get full and is reliable. Otherwise you can disable session caching by removing this line from your library/config.php file (it is false by default or when unspecified):

$config['cache']['cacheSessions'] = true;

 

[DRE]

I'm missing these from my htaccess file. What do they do?

   RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]

 

[jayramfootball]

Fixed the problem by increasing APC cache to 256M. Thanks Jake and Mike

How do you do this? Is this an option in the ACP?

 

[Weppa333]

Just my 2 cents here, as an Xcache user

I often read Chris & Mike tell about misconfigured cache posing problems to session data. I had this problem myself once or twice (admin couldn't login).
I understand that in XF, this session table is roughly permanent (which is why it is stored in the db in the first place)

However, it's absolutely normal for a cache like xcache to throw away data when full, and there's no way on earth to configure it otherwise. So basically, if XF breaks when setting up session data into the cache, it's a problem with XF, not the cache.
For example, Xcache can be configured to toss everything older than X hours/days ( there are many reasons one would like to do that ) or, of course, when one of the variable caches is full.

Expecting Xcache to NEVER EVER throw away the session cache data is impossible, to the best of my knowledge, because there's no way to prevent it from removing the oldest data in a cache that's nearly full.
I also underline the fact that under xcache, total avail memory for variable caches are split by cpu count ( 16M cache -> 4x 4M caches) and it seems the XF session cache breaks even if ONE of those 4 caches if full.
I'm not into Xcache's source code but it seems Xcache does not "move" variable data from one cache to another, it considers that if one of the cache is full, data has to be removed from that specific cache ( it's nonsense to me, but I've witnessed session problems with only 1 full variable cache ona total of 4 )

My 2 cents, hopefully this gets attention for @Mike or @Chris Deeming

 

[Chris D]

I have never commented on misconfigured caches posing problems to session data.

 

[Weppa333]

http://xenforo.com/community/threads/admincp-short-log-in-time.50785/#post-543015

 

[Weppa333]

My point is ; admin session broken if the cache removes the session cache is a bug in XF, not in the cache. If the caching process does not find the table it is looking for, it should rebuild it in some way. Or maybe keep a copy of it in the DB, I don't know...

It's not a critical issue, but i've read here at least on 3 different occasions that it's a problem with the cache, it's a problem with XF imho.

 

[Chris D]

You haven't "often" seen me post about it then. Probably only once. I couldn't even remember.

And whereas what you're saying may or may not be correct, what I have said CAN be correct. I once switched on session caching and I could no longer log in. And that was because my server guy hadn't configured it properly.