XF 1.5 Users getting logged out repeatedly

Lmccandless

Member
I have increasing reports from users that they are being logged out repeatedly. Reports include Chrome, Safari, Firefox and Opera browsers. This is a new problem and just started a few days ago. I had, at first, asked them to clear their cache and cookies but it only resolves it temporarily. My tech and I looked into session issues but aren't finding any red flags. What else should we check? People are starting to get very annoyed...
 

Lmccandless

Member
Yes, they do have the box checked to stay logged in already, but it's not working, unfortunately. I have sent the htaccess info to my tech for forcing non-www, so I will see if that resolves it. Thank you for the input.
 

Divvens

Well-known member
This is an issue even we are facing. XenForo 1.5, I've ensured that htaccess contains rules to point only to non-www domain for 4 years now. Nothing changed recently except and upgrade to XF 1.5 - users report being logged out if they don't check the stay logged in. Until now have recieved only few reports but all contain a similar pattern, i.e users log in -> click on alerts and are somehow logged out before alert box drops down.

We are investigating it internally before opening a ticket with XenForo.
 

Mike

XenForo developer
Staff member
Things to check:
  • Reverse proxies/load balancers causing IP changes. (You should be using some approach to expose the real IP to XF.)
  • If you're storing sessions in a cache, make sure you have ample space for the sessions at all times.
 

Lmccandless

Member
After a month of wrangling this issue, I wanted to share an update. I had previously taken the suggestions here and forced non-www traffic. This did not resolve the issue for my users. Even though it's only been a few dozen users, they've been quite vocally unhappy. So, I continued to try a few additional modifications. I worked with two members of my admin team who were experiencing the issue - one in Firefox and one in Edge. Both were showing https in their browser even though I am not running XF on https. Earlier today, we added a new htaccess rule to force non https traffic in both XF and XFMG. This has resolved the logging out issue for my site - at last.
 
Top