Thread

I frequently get the “Your Session has expired. Please log back in to avoid data loss” message just a minute after my last submit of an update. There is no warning that it is about to time out.

I understand that this would occur after a period of no activity. But why after less than a minute after my last submit of an update and active work with submits every few minutes? This occurs whether I have only one active window open to EE or multiple windows open to various admin pages.

Hi Stoelting,

Not sure if you already did this but. Check your settings in the CP under “Admin > Security and Privacy > Time Interval for Lockout” value. I think by default it’s set to 1 minute. You can change this to a higher number if you like. Another thing you can do in the same screen is change the “Control Panel Session Type” to “Cookies Only”. This will give you the “Auto login” checkbox on your CP login screen which should keep you logged in without having your session to expire. I hope that helps.

Mike

Hello Stoelting,

I am sorry to hear you are running into this problem.

The Time Interval For Lockout refers to password attempts. “Here you can determine, in minutes, the time interval over which more than four invalid login attempts will trigger a lockout.” So this setting has nothing to do with the timeout you are running into.

Before you set your Control Panel Session Type to Cookies only, can you tell me a few things about your environment?

Do you know if your IP is rotating frequently or if you are behind a proxy? If you move to a different computer at the same location, do you get the same results? What about offsite? Is there a different say from home or work with getting logged out?

Please let me know and we can go from there. There are some things we can do should you find out that your answer to the above questions are yes.

Cheers,

Hello Stoelting,

Do you know if your IP is rotating frequently or if you are behind a proxy? If you move to a different computer at the same location, do you get the same results? What about offsite? Is there a different say from home or work with getting logged out?

Please let me know and we can go from there. There are some things we can do should you find out that your answer to the above questions are yes.

My Internet connection is via AT&T DSL. Not sure if they change the IP address, or use a proxy. Any way you can suggest to get this info?
I work from my home office, always this connection. I don’t have access to an offsite connection.

I usually work on a non-Intel Mac, using Firefox/3.6.28 (the latest version that will work with non-Intel CPU). Occasionally I use an Intel MacBook using Firefox (I keep it up to date with latest version). I do not recall having this problem when using the MacBook.

Hi Stoelting,

The proxy would be something you run at home, so we can rule that out. I am not sure, but I believe DSL is a single static IP. At any rate, I think with your service that you are okay.

Can you try changing a setting for me? In the same section we have been talking about in the Control Panel under Security and Sessions, look for “Require IP Address and User Agent for Login” and change that to “No”.

Test with this setting for a bit and let me know. It’s nice security feature that blocks raw socket access with spoofing, but I think you will be okay if you disable it.

Please let me know how this goes.

Cheers,

I made the change and the problem has not recurred since I made the change about 2 weeks ago, so I assume it worked.

This appears to be a small bug, since the solution involved reducing sight access security.

Thanks for your help.

Hello Stoelting,

I am glad to hear it.

If you need anything else, please just let us know by opening a new thread.

Cheers,