XF 1.5 Constant unlogging (very annoying)
- Thread starter vlom31
- Start date
JamesBrown
Well-known member
Whenever my members moan about this, they are almost always using an ipad or iPhone with Private Browsing turned on. Turn that off and they'll be sweet 
vlom31
Member
Whenever my members moan about this, they are almost always using an ipad or iPhone with Private Browsing turned on. Turn that off and they'll be sweet
I suspected that, but I actually tested it myself and it happens to me on normal chrome mobile..
Mehdi
vlom31
Member
Someone mentionned making sure it's always the same domain being called everywhere (https://mydomain.tld, vs with www. http://) but I did that too, it's https://mydomain.tld absolutely everywhere, problem is still there 
Mehdi
Mehdi
Well if you're using CloudFlare, the first thing is to resolve the issues caused by that: https://support.cloudflare.com/hc/e...o-I-restore-original-visitor-IP-with-XenForo-
Then, if that doesn't help, are you clicking "stay logged in"? If so, does it still happen?
Then, if that doesn't help, are you clicking "stay logged in"? If so, does it still happen?
If you're checking that option and you're still not staying logged in, that would appear to indicate some sort of issue with cookies not consistently being sent to your site. As long as cookies are sent, with that option selected, you should never appear to be logged out.
Do you have any issues accessing the control panel? (Presumably you should.)
Do you have any issues accessing the control panel? (Presumably you should.)
Divvens
Well-known member
Yea, my members (mainly on phone) complain of this issue too. Clicking the "stay logged in" helps them, but it is annoying as that is not checked by default in XF1 (thankfully its checked by default in XF2)
When I asked questions regarding this issue, I was told that if an IP Address changes when a user is browsing they will be logged out. This happens very often if someone is on a 3g/4g connection (changing of IP Address), so this security feature plays a spoil sport if users don't click the stay logged in option.
We checked and we had no issues with cache or storing sessions in cache, even with storing sessions in cache disabled it happened a lot.
So the only conclusion we came to was the security feature affecting such members, and from then we have just advised having them log in with "stay logged in" ticked.
If you are facing issues even with stay logged in ticked, it certainly is something very different.
Edit: not using cloudflare here, and is only reported by members using mobile browsers.
Edit: Thread for reference: https://xenforo.com/community/threads/users-reporting-getting-logged-out-on-mobile-devices.114134/
When I asked questions regarding this issue, I was told that if an IP Address changes when a user is browsing they will be logged out. This happens very often if someone is on a 3g/4g connection (changing of IP Address), so this security feature plays a spoil sport if users don't click the stay logged in option.
We checked and we had no issues with cache or storing sessions in cache, even with storing sessions in cache disabled it happened a lot.
So the only conclusion we came to was the security feature affecting such members, and from then we have just advised having them log in with "stay logged in" ticked.
If you are facing issues even with stay logged in ticked, it certainly is something very different.
Edit: not using cloudflare here, and is only reported by members using mobile browsers.
Edit: Thread for reference: https://xenforo.com/community/threads/users-reporting-getting-logged-out-on-mobile-devices.114134/
Last edited:
vlom31
Member
@Mike @Divvens thank you for your imput guys !
Mike yes it happens to me for the admin panel too sometimes, out of the blue, i'll go from the forum (logged in) to admin, clic and bam, redirected to login page ..
Divvens same here, it happens from time to time on desktop (very tolerable) but on mobile it is extreme, logged out every 3 or 4 clics ..
I will force the "stay logged in" to be checked, and i'm checking some other stuff to do with https.
Mehdi
Mike yes it happens to me for the admin panel too sometimes, out of the blue, i'll go from the forum (logged in) to admin, clic and bam, redirected to login page ..
Divvens same here, it happens from time to time on desktop (very tolerable) but on mobile it is extreme, logged out every 3 or 4 clics ..
I will force the "stay logged in" to be checked, and i'm checking some other stuff to do with https.
Mehdi
AndyB
Well-known member
I suggest using this add-on to always force using cookies:
https://xenforo.com/community/resources/remove-stay-logged-in.2444/
https://xenforo.com/community/resources/remove-stay-logged-in.2444/
vlom31
Member
I think I finally fixed it, so here's the solution (at least in my case) if anyone needs it later on..
- Cause : HTTPS via Cloudflare
- Explanation : Activating SSL via cloudflare makes it that both http:// and https:// are working
- Solution : Force stay logged-in with @AndyB 's add-on + Force https via htaccess (code bellow).
So basically, even though I put https:// in every possible place in ACP and templates, if user typed in the http:// url it would also work, and at some point he'll click an https:// link and might be unlogged, for some reason this was accentuated on mobile.
So I wanted to force all visits to https:// , searched for the code to put in the .htaccess file, which seemed rather straight forward, but was causing either an infinite loop to https:// or css to not be loaded ..
Issue was caused by Cloudflare, first I added the line suggested by @Mike and that you can find here :
https://support.cloudflare.com/hc/e...o-I-restore-original-visitor-IP-with-XenForo-
And after hours and hours of searching, I finally found a stackoverflow comment that was mentionning cloudflare causing issue with the generic RewriteRule, and the correct ones to use :
I tested extensively, on both chrome and safari mobile, even closing the apps entirely and relaunching them (which until this fix meant being logged out 100% of the times), and couldn't get it to unlog, so as of right now I consider it fixed (youppiii) .. will update if something happens
Mehdi
- Cause : HTTPS via Cloudflare
- Explanation : Activating SSL via cloudflare makes it that both http:// and https:// are working
- Solution : Force stay logged-in with @AndyB 's add-on + Force https via htaccess (code bellow).
So basically, even though I put https:// in every possible place in ACP and templates, if user typed in the http:// url it would also work, and at some point he'll click an https:// link and might be unlogged, for some reason this was accentuated on mobile.
So I wanted to force all visits to https:// , searched for the code to put in the .htaccess file, which seemed rather straight forward, but was causing either an infinite loop to https:// or css to not be loaded ..
Issue was caused by Cloudflare, first I added the line suggested by @Mike and that you can find here :
https://support.cloudflare.com/hc/e...o-I-restore-original-visitor-IP-with-XenForo-
And after hours and hours of searching, I finally found a stackoverflow comment that was mentionning cloudflare causing issue with the generic RewriteRule, and the correct ones to use :
Code:
# If we receive a forwarded http request from a proxy...
RewriteCond %{HTTP:X-Forwarded-Proto} =http [OR]
# ...or just a plain old http request directly from the client
RewriteCond %{HTTP:X-Forwarded-Proto} =""
RewriteCond %{HTTPS} !=on
# Redirect to https version
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]I tested extensively, on both chrome and safari mobile, even closing the apps entirely and relaunching them (which until this fix meant being logged out 100% of the times), and couldn't get it to unlog, so as of right now I consider it fixed (youppiii) .. will update if something happens
Mehdi
