XF 1.5 Users getting logged out repeatedly

[Lmccandless]

I have increasing reports from users that they are being logged out repeatedly. Reports include Chrome, Safari, Firefox and Opera browsers. This is a new problem and just started a few days ago. I had, at first, asked them to clear their cache and cookies but it only resolves it temporarily. My tech and I looked into session issues but aren't finding any red flags. What else should we check? People are starting to get very annoyed...

 

[Paul B]

If it has only started recently and previously wasn't an issue, then you may want to contact your host and ask them if anything has changed.

Although I note that your site is available at www and non-www, which may account for it.

You need to force it to one or the other - see point 19 of the FAQ here: https://xenforo.com/community/threads/frequently-asked-questions.5183/#post-180456

 

[wang]

Are your users checking the Stay logged in box when they login?

 

[AndyB]

I suggest this add-on:

https://xenforo.com/community/resources/remove-stay-logged-in.2444/

 

[Amaury]

An add-on is not needed. If the issue is users not checking the stay logged in box, as @wang thinks, then a simple edit can make it be checked by default.

 

[Lmccandless]

Yes, they do have the box checked to stay logged in already, but it's not working, unfortunately. I have sent the htaccess info to my tech for forcing non-www, so I will see if that resolves it. Thank you for the input.

 

[Divvens]

This is an issue even we are facing. XenForo 1.5, I've ensured that htaccess contains rules to point only to non-www domain for 4 years now. Nothing changed recently except and upgrade to XF 1.5 - users report being logged out if they don't check the stay logged in. Until now have recieved only few reports but all contain a similar pattern, i.e users log in -> click on alerts and are somehow logged out before alert box drops down.

We are investigating it internally before opening a ticket with XenForo.

 

[Paul B]

It's not something we have had any other reports of so the first thing to check would be add-ons and then the server.

 

[Mike]

Things to check:

• Reverse proxies/load balancers causing IP changes. (You should be using some approach to expose the real IP to XF.)
• If you're storing sessions in a cache, make sure you have ample space for the sessions at all times.

 

[wang]

Have a look at this post too.

https://xenforo.com/community/threads/keep-logging-out-of-xf-with-chrome.22968/#post-286837

 

[Lmccandless]

After a month of wrangling this issue, I wanted to share an update. I had previously taken the suggestions here and forced non-www traffic. This did not resolve the issue for my users. Even though it's only been a few dozen users, they've been quite vocally unhappy. So, I continued to try a few additional modifications. I worked with two members of my admin team who were experiencing the issue - one in Firefox and one in Edge. Both were showing https in their browser even though I am not running XF on https. Earlier today, we added a new htaccess rule to force non https traffic in both XF and XFMG. This has resolved the logging out issue for my site - at last.