We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

Cookie / if logged_in issues with large member site

January 25, 2012 6:40am

Subscribe [2]

  • #1 / Jan 25, 2012 6:40am

    Mark Terpstra

    205 posts

    I saw Dan Decker’s comment on another thread about a known issue related to cookies and sessions. Has that been resolved in 2.4?

    I manage a very large member site that is experiencing some cookie/login issues…

    These are the symptoms that have been reported:

    1. Some users (multiple browsers but mostly IE) claim they are getting logged out soon after they login. I can usually never reproduce the behavior when testing on my machine. Having the user clear cache often resolves the issue - which makes me think it’s a cookie issue.

    2. Now just yesterday, the client was testing a new feature on the site where they logged in, took a survey on a remote site, then was redirected back to site where I am doing a check to see if the user is logged in. If the user is logged_out - we ask them to login first then retake the survey. If the user is logged in, we show them the thank-you page.

    The problem is that the client confirmed they were logged in first, following the process, but was directed to survey/start-over template in the if logged_out conditional. And what’s weird is that the survey/start-over template was showing the user as logged in.

    So it seems to me that it’s an issue with the {if logged_in} conditional not working properly.

    {if logged_in}
 {redirect="survey/thank-you"}
{/if}

{if logged_out}
 {redirect="survey/start-over"}
{/if}

    Note that clearing cache did not solve problem #2.


    These are my current settings…

    * EE v2.3.1 - Build: date 20111017
    * CP and User Sessions > Cookies Only (for both)
    * Require IP Address and User Agent for Login > No
    * Cookie domain > .example.com
    * $config[‘cp_session_ttl’]  “200000”;
    * $config[‘user_session_ttl’]  “200000”;
    * Using Solspace User Module with email address set as username


    This is my login form tag for problem #2 above…

    {exp:member:login_form return="survey/start"}

 <label>Email Address:</label>
 <input type="text" name="username" value="" />

 <label>Password</label>
 <input type="password" name="password" value="" />
 
 <button type="submit" name="submit">Login</button>

{/exp:member:login_form}

     

  • #2 / Jan 25, 2012 9:07am

    Mark Terpstra

    205 posts

    Some additional notes…

    I realized that in the CP I had Allow multiple log-ins from a single account? set to Yes - which does not work with the “Cookies Only” setting. I changed the setting to No but then could not login to the site with a test account I had used recently - possibly because I had set the user_session_ttl so high.  This was giving me the “Not authorized to perform this action” error. I turned the setting back to Yes and the error went away and I was able to login again.

    So in addition to my issue above with the if logged_in conditional, could you let me what the best set-up is for cookies for a member site where users are coming back each day and prefer to stay logged in rather than having to re-login each day.

    And if I update the cookie/session settings in the CP, is there a way to force a new cookie on each returning user so that the new settings take affect.

    Thanks for your help.

  • #3 / Jan 25, 2012 10:20am

    gaarmaster

    39 posts

    Thanks for posting this, Mark (was just about to post something similar). I haven’t tried to update to 2.4 yet, but was curious about whether this issue had been resolved or not (I didn’t spot anything in the Change Log).

    I’ve been experiencing pretty much the same problems as Mark in version 2.3.1.

  • #4 / Jan 25, 2012 10:20am

    Mark Terpstra

    205 posts

    EDIT: I no longer think this post is relevant. Seems to be happening no matter what for an IE tester I’m working with.

    Sorry for the multiple posts… but I think i found some more clues…

    Regarding the if logged_in issue posted above, I realized that it’s due to a conflict with a plugin tag.

    The session_variables tags cause the if logged_in conditional to fail. If I remove those two plugin tags, the if logged_in conditional works great.

    {exp:session_variables:set name="sv_action_id" value="{segment_4}"} 
{exp:session_variables:set name="sv_redirect_timestamp" value="{current_time format='%y%t%d%H%i'}"} 
 
{if logged_in}
 {redirect="survey/thank-you"}
{/if}

{if logged_out}
 {redirect="survey/start-over"}
{/if}

     

  • #5 / Jan 26, 2012 10:51am

    Lisa Wess

    20502 posts

    Hey Mark -

    There were some bugs with the login/cookie routines in 2.3.1.  2.4 should address those specifically - can you try to upgrade and see if it helps?

    Thanks!

  • #6 / Jan 26, 2012 12:17pm

    Mark Terpstra

    205 posts

    Thanks Lisa. I will be trying the upgrade on a test server this coming Monday.

  • #7 / Jan 26, 2012 12:19pm

    Lisa Wess

    20502 posts

    Thank you Mark.  Please let us know how it goes!  Will keep this thread open until we know more, and go from there.

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Username

Password

Forgot password?
or Register