XF 1.1 Keep logging out of XF with Chrome

Andy.N

Well-known member
I noticed this as well in ACP and my members told me about getting logged out of XF (beta 5) using Chrome browser.
I don't notice the problem with forum home since I have selected "Stay logged in" but when I log in the ACP, and under one minute, while I'm trying to perform some task, it pops up that I need to log in to do that.
This just happens in beta 4, 5 and I have the js/data folder loads from CDN.

Is there an option where we can select how long a member is logged in?
 
If your server is being a proxy like CloudFlare, are you sure the correct IP address is being exposed to the server via REMOTE_ADDR? (That of the user, not of the proxy.)
 
Setup a phpinfo file on your site an look for your REMOTE_ADDR value. If it's changing between requests, then this will happen. Unless you have a reason to expect that, that's a problem. :)
 
I've noticed problems lately when being logged in through Facebook, and continually get logged out during a "session". Using both Chrome and FireFox.

This isn't on my own installation, so can't provide much feedback. I know they're running a Beta of 1.1.0 though.
 
Confirm with my user who reported the logged out every 5 minutes with Chrome. He logged in via Facebook. So I told him to use the normal log in. We'll report back.
 
I'm gonna make a big post here for future reference:

_____

Some possible causes of users being logged out:

1) The user was idle for too long and was automatically logged out for inactivity. The timeout is set in your:

Admin CP -> Home -> Options -> User Options -> Online Status Timeout

You can increase the timeout or tell your users to check Stay logged in when they login.

2) A problem with cookie scope due to inconsistent forum links. All internal links are consistent, but user-submitted links (e.g. in posts) and links from addons and other customizations may be inconsistent. For example, if you login to the forum with a URL that has "www" but then visit a link without "www" then the login cookie can go out of scope which causes the user to be logged out. It is important that all links and bookmarks are consistent. You can add a rewrite rule to your .htaccess file to enforce no www and thereby avoid the potential problem of inconsistent links:

Rich (BB code):
RewriteEngine On

RewriteCond %{HTTP_HOST} !^yoursite\.com$
RewriteRule ^(.*)$ http://yoursite.com/$1 [R=301,L]

If the forum and .htaccess file is in a subdirectory then you need to specify that in the rules:

Rich (BB code):
RewriteEngine On

RewriteCond %{HTTP_HOST} !^yoursite\.com$
RewriteRule ^(.*)$ http://yoursite.com/forum/$1 [R=301,L]

If you are using XenForo's .htaccess file for friendly URLs then you can add the new rules like so:

Rich (BB code):
#	Mod_security can interfere with uploading of content such as attachments. If you
#	cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#	SecFilterEngine Off
#	SecFilterScanPOST Off
#</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default

<IfModule mod_rewrite.c>
	RewriteEngine On

	RewriteCond %{HTTP_HOST} !^yoursite\.com$
	RewriteRule ^(.*)$ http://yoursite.com/forum/$1 [R=301,L]

	#	If you are having problems with the rewrite rules, remove the "#" from the
	#	line that begins "RewriteBase" below. You will also have to change the path
	#	of the rewrite to reflect the path to your XenForo installation.
	#RewriteBase /xenforo

	#	This line may be needed to enable WebDAV editing with PHP as a CGI.
	#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

	RewriteCond %{REQUEST_FILENAME} -f [OR]
	RewriteCond %{REQUEST_FILENAME} -l [OR]
	RewriteCond %{REQUEST_FILENAME} -d
	RewriteRule ^.*$ - [NC,L]
	RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
	RewriteRule ^.*$ index.php [NC,L]
</IfModule>

3) Your server is behind a proxy that is messing up reporting of the client IP address. You can visit this page in your Admin CP to check the IP reporting:

admin.php?tools/phpinfo

Make sure REMOTE_ADDR shows your correct IP. If it's not correct then you can contact your host or server person to fix this. Or look for a server variable that contains the correct IP and then add this code to your library/config.php file:

Rich (BB code):
// FIX IP ADDRESS FOR PROXY
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_REAL_IP'];

Replace the red part with the name of the server variable that contains the correct IP (from your phpinfo).

4) You are storing sessions in a memory cache such as APC and that cache is getting full or is having uptime problems. You need to ensure that your cache doesn't get full and is reliable. Otherwise you can disable session caching by removing this line from your library/config.php file (it is false by default or when unspecified):

Code:
$config['cache']['cacheSessions'] = true;
 
Last edited:
That's the exact same rewrite rule I been using for a good while, works well.

Here is a useful link: http://www.askapache.com/htaccess/modrewrite-tips-tricks.html

To keep the WWW instead of removing it, use this below. Also I'm curious about something? Why do you not use this in the XenForo htaccess file "Options +FollowSymLinks".

Code:
RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC]
RewriteRule ^(.*)$ http://www.askapache.com/$1 [R=301,L]

Jake, in your example above. Have you not made a slight error there. It should go after the backslash if required. Not above it, check the link I posted above to confirm that.

<IfModule mod_rewrite.c>
RewriteEngine On

# If you are having problems with the rewrite rules, remove the "#" from the

# line that begins "RewriteBase" below. You will also have to change the path
# of the rewrite to reflect the path to your XenForo installation.
#RewriteBase /xenforo
RewriteCond %{HTTP_HOST} !^yoursite\.com$
RewriteRule ^(.*)$ http://yoursite.com/forum/$1 [R=301,L]
 
Setup a phpinfo file on your site an look for your REMOTE_ADDR value. If it's changing between requests, then this will happen. Unless you have a reason to expect that, that's a problem. :)
This only happens with beta 5.
I have setup phpinfo and the REMOTE_ADDR shows my unique IP address throughout.
Is there anything with the way <script> tag is used in beta 5?
 
I'm gonna make a big post here for future reference:

_____

Some possible causes of users being logged out:

1) The user was idle for too long and was automatically logged out for inactivity. The timeout is set in your:

Admin CP -> Home -> Options -> User Options -> Online Status Timeout

You can increase the timeout or tell your users to check Stay logged in when they login.
Online status time out is 30 minutes but for those not selecting "Stay logged in", they are logged out every few minutes. I have received this report from 3 members so far.
 
The xf_session table in the database is nonvolatile, but APC might be a different story. What is your APC uptime? If the server is crashing then that might clear the sessions.
 
The xf_session table in the database is nonvolatile, but APC might be a different story. What is your APC uptime? If the server is crashing then that might clear the sessions.
I just restarted the APC server which has been up for over 3 days and have around 100 cache full count in the User Cache Information table.
I believe this is most likely the issue since user sessions now stored in cache.
so the solution would probably be store user session in DB or restart APC server much sooner.
 
If you restart APC, you're going to lose the sessions anyway. That "cacheSessions" line is actually pretty much explicitly for you (or people using APC for variable caching): if your APC data is going to get full, you will run into problems if you try to put the sessions there. Unlike other options, there is no fallback.

Just take the cacheSessions line out and you'll use APC for variables but the DB for sessions.
 
Don't know if it's related but I've had a report of being logged out by a user who basically stated.

Logged in could see my avatar and username on the right-hand side of the screen, read a thread and attempted to like a post when I was presented with a "login" message. He didn't have remember me ticked, running b5 ATM. I always have remember me ticked so can't confirm.

.....

Actually, going to try without remember me ticked. Will report back.
 
Actually here's the original in context :D

Anonymous said:
ChemicalKicks said:
The only reason you would get an error message saying your not logged in is if you were not logged in :shrug: :D

Buttttt................. I have went and checked the 'remember me' box for you, so that this crime will never happen again!!!!!!!!!

Oy clever bollocks !
I logged on, signed in, my name showed on the right hand side, I was able to see Members Only stuff....so in what ****in' way was I not logged in ?
 
Thanks, Mike
Took the line out so hopefully it will be the end of it. Is there any other place in ACP where this is set or only in config.php?

Who would benefit from this cacheSessions line?
 
Back
Top Bottom