AdminCP short log-in time

[Adam Howard]

I seem to get logged out of the administrator control panel (AdminCP) fairly easily... ie... My ability to remain logged in for a longer time is not adequate.

So if I have a lot to do, say for example update 8 add-ons and remove 3, I'm just as likely to get logged out in the middle of rebuilding the cache (template).

Thoughts? Possible solutions?

 

[xf_phantom]

Lifetime is set to 3600 seconds (like in frontend) or 86400 if debug mode is enabled

Sadly it's still not configurable via the config file:/

 

[Adam Howard]

At the moment, here is my htacess file (both copied and attached)

I don't believe there is anything here to cause an issue as the issue only affects AdminCP.

But here it is just for reference (ya never know)

#The top of your .htaccess file
IndexIgnore *
Options +FollowSymLinks -Multiviews -Indexes
#    Mod_security can interfere with uploading of content such as attachments. If you
#    cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#    SecFilterEngine Off
#    SecFilterScanPOST Off
#</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default

<IfModule mod_rewrite.c>
    RewriteEngine On
    
    RedirectMatch 301 ^/forum/?$ /forums/
    RedirectMatch 301 ^/community/?$ /forums/
    RedirectMatch 301 ^/board/?$ /forums/
    RedirectMatch 301 ^/boards/?$ /forums/
    RedirectMatch 301 ^/beta/?$ /forums/
    RedirectMatch 301 ^/forums/members/?$ /forums/
    RewriteCond %{HTTP_HOST} !^www\.sociallyuncensored\.eu$
    RewriteRule ^(.*)$ http://www.sociallyuncensored.eu/?$1 [R=301,L]
    
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?sociallyuncensored.eu [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?sociallyuncensored.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?xenforo.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?twitter.com [NC]
    RewriteRule \.(jpg|jpeg|png|gif|svg|css|js|pdf|zip)$ http://www.sociallyuncensored.eu/hotlink.jpg [NC,R,L]
    
    #    If you are having problems with the rewrite rules, remove the "#" from the
    #    line that begins "RewriteBase" below. You will also have to change the path
    #    of the rewrite to reflect the path to your XenForo installation.
    #RewriteBase /xenforo

    #    This line may be needed to enable WebDAV editing with PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
    
      #Block mySQL injects
 RewriteCond %{QUERY_STRING} (;|<|>|’|”|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark) [NC,OR]
 
 RewriteCond %{QUERY_STRING} \.\./\.\. [OR]
 
 RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
 RewriteCond %{QUERY_STRING} \.[a-z0-9] [NC,OR]
 RewriteCond %{QUERY_STRING} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC]
 # Note: The final RewriteCond must NOT use the [OR] flag.
</IfModule>

#Deny attempts to view the Htaccess file.
<Files .htaccess>
Order allow,deny
Deny from all
</Files>

<IfModule mod_headers.c>
        # properly handle requests coming from behind proxies
        Header append Vary User-Agent
        <FilesMatch "\.(js|css|xml|gz)$">
                Header append Vary Accept-Encoding
        </FilesMatch>
    # remove ETags, it's important
    Header unset ETag
    FileETag None   
    Header unset Last-Modified
</IfModule>

# Deflate files to fasten the loading with adding compression
<IfModule mod_deflate.c>
    SetOutputFilter DEFLATE
    AddOutputFilterByType DEFLATE application/x-httpd-php text/html text/xml text/plain text/css text/javascript application/javascript application/x-javascript image/jpeg image/jpg image/png image/gif font/ttf font/eot font/otf
# Properly handle old browsers that do not support compression
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    # Explicitly exclude binary files from compression just in case
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|pdf|swf|ico|zip|ttf|eot|svg)$ no-gzip
</IfModule>
<ifModule mod_expires.c>
    #Setting expiry time by content type to 1 day
    ExpiresActive On
    ExpiresDefault "access plus 1 seconds"
    ExpiresByType image/gif "access plus 86400 seconds"
    ExpiresByType image/jpeg "access plus 86400 seconds"
    ExpiresByType image/png "access plus 86400 seconds"
    ExpiresByType text/css "access plus 86400 seconds"
    ExpiresByType text/javascript "access plus 86400 seconds"
    ExpiresByType application/x-javascript "access plus 86400 seconds"
</ifModule>

 

[Adam Howard]

Lifetime is set to 3600 seconds (like in frontend) or 86400 if debug mode is enabled

Sadly it's still not configurable via the config file:/

That would be 1 hour. Which would be OK. I'm not getting an hour. I'm getting minutes (between 5 - 15).

 

[Chris D]

Do you have session caching enabled in your config file? I've seen this log you out immediately if misconfigured.

 

[Mike]

Also, if your IP is changing (as can be caused by reverse proxies), that can log you out.

 

[Adam Howard]

Do you have session caching enabled in your config file? I've seen this log you out immediately if misconfigured.

Current config.php

<?php
#$config['enableListeners'] = false;
#$config['debug'] = 1;
$config['db']['host'] = 'It's a secret';
$config['db']['port'] = 'It's a secret';
$config['db']['username'] = 'It's a secret';
$config['db']['password'] = 'It's a secret';
$config['db']['dbname'] = 'It's a secret';
$config['superAdmins'] = 'It's a secret';
$config['javaScriptUrl'] = 'http://cdn.sociallyuncensored.com/js';
$config['externalDataUrl'] = 'http://cdn.sociallyuncensored.com/data';
if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) { $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP']; }

Not currently using any cache opinions at the moment

 

[Adam Howard]

Also, if your IP is changing (as can be caused by reverse proxies), that can log you out.

If that was the cause it would be affecting me on the forums as well, but its not. Staying logged in the site is not an issue. It's only AdminCP

 

[Mike]

It may well be affecting you on the front end, but if you have "remember me" selected, you won't notice (it'll create a new session with you logged in already silently).

 

[Adam Howard]

It may well be affecting you on the front end, but if you have "remember me" selected, you won't notice (it'll create a new session with you logged in already silently).

We really need a "remember me" for AdminCP then.

1.2 ? (come on, you know you want to. LOL .... please.... )