• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.5 Constant unlogging (very annoying)

#1
Hi,

I'm having a problem with my xenforo, in that people are unlogged regularly, and especially on mobile it is almost impossible to visit 3 pages without being unlogged ... anyone experienced this ? any ideas what might be causing it ?


Cheers,
Mehdi
 

Brogan

XenForo moderator
Staff member
#2
I presume you mean logging out?

Are those members checking the stay logged in option?

Are you using Cloudflare or some sort of reverse proxy?
 
#3
Hi Brogan, yes being logged out is what I meant.

I am using cloudflare yes, but issue was there way before I setup CF wich was done just recently.

Not sure about what reverse proxy is ..


Mehdi
 

JamesBrown

Well-known member
#4
Whenever my members moan about this, they are almost always using an ipad or iPhone with Private Browsing turned on. Turn that off and they'll be sweet (y)
 

Mike

XenForo developer
Staff member
#9
If you're checking that option and you're still not staying logged in, that would appear to indicate some sort of issue with cookies not consistently being sent to your site. As long as cookies are sent, with that option selected, you should never appear to be logged out.

Do you have any issues accessing the control panel? (Presumably you should.)
 

Divvens

Well-known member
#10
Yea, my members (mainly on phone) complain of this issue too. Clicking the "stay logged in" helps them, but it is annoying as that is not checked by default in XF1 (thankfully its checked by default in XF2)

When I asked questions regarding this issue, I was told that if an IP Address changes when a user is browsing they will be logged out. This happens very often if someone is on a 3g/4g connection (changing of IP Address), so this security feature plays a spoil sport if users don't click the stay logged in option.

We checked and we had no issues with cache or storing sessions in cache, even with storing sessions in cache disabled it happened a lot.

So the only conclusion we came to was the security feature affecting such members, and from then we have just advised having them log in with "stay logged in" ticked.

If you are facing issues even with stay logged in ticked, it certainly is something very different.

Edit: not using cloudflare here, and is only reported by members using mobile browsers.

Edit: Thread for reference: https://xenforo.com/community/threads/users-reporting-getting-logged-out-on-mobile-devices.114134/
 
Last edited:
#11
@Mike @Divvens thank you for your imput guys !

Mike yes it happens to me for the admin panel too sometimes, out of the blue, i'll go from the forum (logged in) to admin, clic and bam, redirected to login page ..

Divvens same here, it happens from time to time on desktop (very tolerable) but on mobile it is extreme, logged out every 3 or 4 clics ..

I will force the "stay logged in" to be checked, and i'm checking some other stuff to do with https.


Mehdi
 
#14
I think I finally fixed it, so here's the solution (at least in my case) if anyone needs it later on..

- Cause : HTTPS via Cloudflare
- Explanation : Activating SSL via cloudflare makes it that both http:// and https:// are working
- Solution : Force stay logged-in with @AndyB 's add-on + Force https via htaccess (code bellow).

So basically, even though I put https:// in every possible place in ACP and templates, if user typed in the http:// url it would also work, and at some point he'll click an https:// link and might be unlogged, for some reason this was accentuated on mobile.

So I wanted to force all visits to https:// , searched for the code to put in the .htaccess file, which seemed rather straight forward, but was causing either an infinite loop to https:// or css to not be loaded ..

Issue was caused by Cloudflare, first I added the line suggested by @Mike and that you can find here :
https://support.cloudflare.com/hc/e...o-I-restore-original-visitor-IP-with-XenForo-

And after hours and hours of searching, I finally found a stackoverflow comment that was mentionning cloudflare causing issue with the generic RewriteRule, and the correct ones to use :
Code:
# If we receive a forwarded http request from a proxy...
RewriteCond %{HTTP:X-Forwarded-Proto} =http [OR]

# ...or just a plain old http request directly from the client
RewriteCond %{HTTP:X-Forwarded-Proto} =""
RewriteCond %{HTTPS} !=on

# Redirect to https version
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I tested extensively, on both chrome and safari mobile, even closing the apps entirely and relaunching them (which until this fix meant being logged out 100% of the times), and couldn't get it to unlog, so as of right now I consider it fixed (youppiii) .. will update if something happens :)


Mehdi