1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.1 Keep logging out of XF with Chrome

Discussion in 'Troubleshooting and Problems' started by Andy.N, Nov 10, 2011.

  1. Andy.N

    Andy.N Well-Known Member

    I noticed this as well in ACP and my members told me about getting logged out of XF (beta 5) using Chrome browser.
    I don't notice the problem with forum home since I have selected "Stay logged in" but when I log in the ACP, and under one minute, while I'm trying to perform some task, it pops up that I need to log in to do that.
    This just happens in beta 4, 5 and I have the js/data folder loads from CDN.

    Is there an option where we can select how long a member is logged in?
  2. Mike

    Mike XenForo Developer Staff Member

    If your server is being a proxy like CloudFlare, are you sure the correct IP address is being exposed to the server via REMOTE_ADDR? (That of the user, not of the proxy.)
  3. Andy.N

    Andy.N Well-Known Member

    We dont use cloudflare. In the config file, I have debug mode turned on for my IP which may cause the acp logout. I will check it.
  4. Mike

    Mike XenForo Developer Staff Member

    Setup a phpinfo file on your site an look for your REMOTE_ADDR value. If it's changing between requests, then this will happen. Unless you have a reason to expect that, that's a problem. :)
  5. iXanon

    iXanon Active Member

    I've noticed problems lately when being logged in through Facebook, and continually get logged out during a "session". Using both Chrome and FireFox.

    This isn't on my own installation, so can't provide much feedback. I know they're running a Beta of 1.1.0 though.
  6. Andy.N

    Andy.N Well-Known Member

    Confirm with my user who reported the logged out every 5 minutes with Chrome. He logged in via Facebook. So I told him to use the normal log in. We'll report back.
  7. MrC

    MrC Active Member

    Same here, my users and I kept getting logged out every few minutes.
  8. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    I'm gonna make a big post here for future reference:


    Some possible causes of users being logged out:

    1) The user was idle for too long and was automatically logged out for inactivity. The timeout is set in your:

    Admin CP -> Home -> Options -> User Options -> Online Status Timeout

    You can increase the timeout or tell your users to check Stay logged in when they login.

    2) A problem with cookie scope due to inconsistent forum links. All internal links are consistent, but user-submitted links (e.g. in posts) and links from addons and other customizations may be inconsistent. For example, if you login to the forum with a URL that has "www" but then visit a link without "www" then the login cookie can go out of scope which causes the user to be logged out. It is important that all links and bookmarks are consistent. You can add a rewrite rule to your .htaccess file to enforce no www and thereby avoid the potential problem of inconsistent links:

    RewriteEngine On
    RewriteCond %{HTTP_HOST} !^yoursite\.com$
    RewriteRule ^(.*)$ http://yoursite.com/$1 [R=301,L]
    If the forum and .htaccess file is in a subdirectory then you need to specify that in the rules:

    RewriteEngine On
    RewriteCond %{HTTP_HOST} !^yoursite\.com$
    RewriteRule ^(.*)$ http://yoursite.com/forum/$1 [R=301,L]
    If you are using XenForo's .htaccess file for friendly URLs then you can add the new rules like so:

    #	Mod_security can interfere with uploading of content such as attachments. If you
    #	cannot attach files, remove the "#" from the lines below.
    #<IfModule mod_security.c>
    #	SecFilterEngine Off
    #	SecFilterScanPOST Off
    ErrorDocument 401 default
    ErrorDocument 403 default
    ErrorDocument 404 default
    ErrorDocument 500 default
    <IfModule mod_rewrite.c>
    	RewriteEngine On
    	RewriteCond %{HTTP_HOST} !^yoursite\.com$
    	RewriteRule ^(.*)$ http://yoursite.com/forum/$1 [R=301,L]
    	#	If you are having problems with the rewrite rules, remove the "#" from the
    	#	line that begins "RewriteBase" below. You will also have to change the path
    	#	of the rewrite to reflect the path to your XenForo installation.
    	#RewriteBase /xenforo
    	#	This line may be needed to enable WebDAV editing with PHP as a CGI.
    	#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    	RewriteCond %{REQUEST_FILENAME} -f [OR]
    	RewriteCond %{REQUEST_FILENAME} -l [OR]
    	RewriteCond %{REQUEST_FILENAME} -d
    	RewriteRule ^.*$ - [NC,L]
    	RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    	RewriteRule ^.*$ index.php [NC,L]
    3) Your server is behind a proxy that is messing up reporting of the client IP address. You can visit this page in your Admin CP to check the IP reporting:


    Make sure REMOTE_ADDR shows your correct IP. If it's not correct then you can contact your host or server person to fix this. Or look for a server variable that contains the correct IP and then add this code to your library/config.php file:

    Replace the red part with the name of the server variable that contains the correct IP (from your phpinfo).

    4) You are storing sessions in a memory cache such as APC and that cache is getting full or is having uptime problems. You need to ensure that your cache doesn't get full and is reliable. Otherwise you can disable session caching by removing this line from your library/config.php file (it is false by default or when unspecified):

    $config['cache']['cacheSessions'] = true;
    Last edited: Jan 20, 2014
    Divvens, Overflame, maszd and 7 others like this.
  9. mrGTB

    mrGTB Well-Known Member

    That's the exact same rewrite rule I been using for a good while, works well.

    Here is a useful link: http://www.askapache.com/htaccess/modrewrite-tips-tricks.html

    To keep the WWW instead of removing it, use this below. Also I'm curious about something? Why do you not use this in the XenForo htaccess file "Options +FollowSymLinks".

    RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC]
    RewriteRule ^(.*)$ http://www.askapache.com/$1 [R=301,L]
    Jake, in your example above. Have you not made a slight error there. It should go after the backslash if required. Not above it, check the link I posted above to confirm that.

    hpidriver and maszd like this.
  10. Andy.N

    Andy.N Well-Known Member

    This only happens with beta 5.
    I have setup phpinfo and the REMOTE_ADDR shows my unique IP address throughout.
    Is there anything with the way <script> tag is used in beta 5?
    Dryline likes this.
  11. Andy.N

    Andy.N Well-Known Member

    Online status time out is 30 minutes but for those not selecting "Stay logged in", they are logged out every few minutes. I have received this report from 3 members so far.
  12. Andy.N

    Andy.N Well-Known Member

    Got a report that even with "Stay logged in" check, it still logs people out every few minutes.
    Win7 and Chrome.
  13. Mike

    Mike XenForo Developer Staff Member

    Where are you storing sessions? Cache or DB?
  14. Andy.N

    Andy.N Well-Known Member

    Cache and we have APC
    $config['externalDataUrl'] = 'http://cdn.quantnet.net/forum/data';
    $config['javaScriptUrl'] = 'http://cdn.quantnet.net/forum/js';
    $config['cache']['cacheSessions'] = true;
  15. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    The xf_session table in the database is nonvolatile, but APC might be a different story. What is your APC uptime? If the server is crashing then that might clear the sessions.
  16. Andy.N

    Andy.N Well-Known Member

    I just restarted the APC server which has been up for over 3 days and have around 100 cache full count in the User Cache Information table.
    I believe this is most likely the issue since user sessions now stored in cache.
    so the solution would probably be store user session in DB or restart APC server much sooner.
  17. Mike

    Mike XenForo Developer Staff Member

    If you restart APC, you're going to lose the sessions anyway. That "cacheSessions" line is actually pretty much explicitly for you (or people using APC for variable caching): if your APC data is going to get full, you will run into problems if you try to put the sessions there. Unlike other options, there is no fallback.

    Just take the cacheSessions line out and you'll use APC for variables but the DB for sessions.
    MrC, Andy.N and Jake Bunce like this.
  18. ChemicalKicks

    ChemicalKicks Well-Known Member

    Don't know if it's related but I've had a report of being logged out by a user who basically stated.

    Logged in could see my avatar and username on the right-hand side of the screen, read a thread and attempted to like a post when I was presented with a "login" message. He didn't have remember me ticked, running b5 ATM. I always have remember me ticked so can't confirm.


    Actually, going to try without remember me ticked. Will report back.
  19. ChemicalKicks

    ChemicalKicks Well-Known Member

    Actually here's the original in context :D

  20. Andy.N

    Andy.N Well-Known Member

    Thanks, Mike
    Took the line out so hopefully it will be the end of it. Is there any other place in ACP where this is set or only in config.php?

    Who would benefit from this cacheSessions line?

Share This Page