Thread

Hi there, I’m having a problem with EE’s backend (v2.3.1 - Build: date 20111017) frequently logging me out. Sometimes when I try to login it just returns straight away to the login page again, sometimes several times before allowing me in. Then it will often logout me out after a minute or two or when I try to submit a change anywhere in the backend - but not always.

The site has very recently been moved from a testing development server to it home in the real world. It didn’t give me this problem before and it was in the same server setup.  It’s running on php 5.3.10

The one major thing thing that has changed is that I set it up on Cloudflare at the same time as the move (so I don’t know precisely if it is this that is causing it).  I am also in touch with them to see if they have any ideas. I have set up a Cloudflare “page rule” to exclude anything with /admin.php in the url.

The control panel session type is set to cookies and session id although have also tried it on cookies only and cleared my browser’s cookie cache - no different.  I have also tried on several different browsers with no joy.

Starting to tear my hair out on this one!!

Also a problem that seems to have come up out of nowhere is the pagination which no longer seems to work - I’ll submit another post about this but thought I should mention incase it’s somehow related.

Thanks, Michael

Update - the pagination issue was unrelated and due to template cacheing enabled on the template that was to paginate. 

I updated EE to 2.4 and that didn’t fix it. Then I updated the Matrix field type plugin and that does seem to have fixed the problem for now (hopefully!)

Since updating to 2.4 the pagination is broken again (arrggh!) - could this be down to the fact that pagination has changed in 2.4? I saw something about that in the changelog.

Update:

This logging out problem is unfortunately not fixed - it still occurs frequently and randomly.  I found this thread that seems to deal with the same problem: http://ellislab.com/forums/viewthread/206925/

I followed the advice contained within it and have updated to 2.4 but this has not fixed the problem. 

Here is a list of the plugins the site is running - all of which are as up to date as possible:  * means 3rd party plugin.

I have tried to isolate the problem further but just not succeeding: Please Help!!

Michael

Modules:

Bitly for EE 1.0
Channel Channel module 2.0.1
Comment 2.2
Email 2.0
Emoticon 2.0
jQuery 1.0
Member 2.1
Query 2.0
Referrer 2.0
RSS 2.0
Search 2.1
Statistics 2.0
* AutoMin 2.0
* Channel Videos 3.0.3
* Low Reorder 1.2.1
* Matrix Multi-Upload 0.9.1
* MX Google Map 1.3.5
* NSM Better Meta 1.1.3
* REElocate 1.1
* Structure 3.1.3

Accessories:

ExpressionEngine Info (1.0)
* Hidden Tab (1.0)
* Matrix Multi-Upload (1.0)
* NSM Morphine theme (2.0.3)
* Structure (3.1.3)

Extensions:

* Low Seg2Cat 2.6.1
* Matrix 2.2.4
* NSM Better Meta 1.1.3
* Structure 3.1.3

Field Types:

Checkboxes 1.0
Date 1.0
File 1.0
Multi Select 1.0
Radio Buttons 1.0
Relationship 1.0
Select Dropdown 1.0
StructureFrame 3.1.3
Text Input 1.0
Textarea 1.0
* Channel Videos 3.0.3
* Expresso 1.7.2
* Issuu 0.5.1
* Low Reorder 1.2.1
* Matrix 2.2.4
* MX Google Maps 1.3.6
* NSM Better Meta 1.1.3
* P&T List 1.0.3
* P&T Pill 1.0.3
* P&T Switch 1.0.4

Plugins:

Magpie RSS Parser 1.3.5
Word Limiter 1.1
XML Encode 1.3
* AJW Feed Parser 0.9.2
* EE2 ED Image Resizer 1.0.4
* EE Hive Hacksaw 1.06
* MX Mobile Detect 2.8.4
* Page Number of Paginated Entries 1.0.0 https://github.com/tyssen/Page-Number.ee_addon
* Zoo Zeebra 1.1

Update: Well it’s not Automin - I’ve uninstalled that and the problem remains. Any ideas? Anyone?

Hi Tigerchick,

I’m sorry that you are having this trouble. And do appreciate how much troubleshooting you’ve already done on this issue. I did a search of the forums here and found a couple of threads that suggest that CloudFire is causing the problem. In this thread the user turned off CloudFire and everything was working correctly. In this thread it was suggested to exclude your system file using the page rules and that seemed to work.

Could you try those two solutions out and let me know if the problem persists?

Sean

Hi Sean,
thanks for getting back to me. I’ve actually seen those threads and indeed posted the last comments on them, thinking that I had solved the problem by adding Page Rules to the Cloudflare account, blocking the CP.  I’ve updated those threads now as the problem hasn’t gone away, despite trying that.  It doesn’t mean it’s not Cloudflare related though.  My problem is slightly different from “deschamps” in the second to last post at http://ellislab.com/forums/viewthread/199339/P18/#938369 as I don’t get a “not authorized” notice, it just either doesn’t logon at all - multiple times, returning me to the login page, or it just boots me out of the cp without warning and back to the login page.

I have turned the session control to cookie only - some people reported that this might work. It doesn’t in my case.  I have also tried ticking the remember me box - with no effect.

I wonder if this could be some kind of weird fire-walling conflict between Cloudflare, my host (Vidahost) and Expression Engine?

Michael

I just found this lurking in my .htaccess file. It was taken from the html5 boiler plate and left in without questioning too much.  It has to do with cookies which I know has something to do with how EE controls CP login sessions so it seems like it could be a culprit. I have taken it out and will test again - it’s a tough thing to get immediate feedback on to see if it’s fixed as sometimes it happens alot and sometimes only once in a while. Will keep testing though…

# Increase cookie security
<IfModule php5_module>
  php_value session.cookie_httponly true
</IfModule>

EDIT:
Nope - not that! I just got logged out again. :(

Update:

After consulting with my host, they gave me a method for completely bypassing Cloudflare for testing purposes.  If anybody is reading this it might help them:

On windows:

open c:\windows\system32\drivers\etc\hosts

And add the line:-

xx.xxx.xx.xx http://www.domain.com domain.com

(where xx.xxx.xx.xx is the IP address of the server hosting your site)

Save the file, and restart your browser.

On a Mac it’s exactly the same, although the file you need to edit is /private/etc/hosts

———-

When testing the site directly served by the server and not going through Cloudflare it seemed to be Ok (although it is difficult to tell 100% as the fault was intermittent).

I then engaged in a conversation with Cloudflare who have been very helpful.

At first they thought it might be their “browser integrity check” interfering with the session in some way.  Turning it off didn’t seem to help.

They then told me that when running through Cloudflare, a site will effectively have two IP addresses and that might might interfere with the sessions.  By that time I already had the CP Session prefs. set to “Cookie only” - so I don’t know if that is still a contributing factor.

They then pointed out a thread to me on the EE forum that mentions a similar problem: http://ellislab.com/forums/viewthread/199166/#934647 in which Dan Decker mentions the cookie settings. I specified my domain as the cookie domain (there was nothing specified before) and I also deleted the developement version of the site that was also installed at the same IP address (though not running through Cloudflare). 

Since doing that the problem seems to have gone away in the most (I have been booted out to the login screen twice since but only after a period of inactivity). That itself is a little odd because I though the intended action after a period of inactivity was to display the “session timed out” strip along the top of the screen - and not a return to the login screen.

The other strange thing is that whenever I move between screens in the CP, a new green tick is displayed at the top saying “Preferences updated”. (Even when I have changed nothing at all - and have previously cleared the message).

I’d really appreciate EllisLab’s thought on all this!

EDIT:
The problem still hasn’t gone away - just tried multiple times to login without success.

Hi tigerchick,

The first potential issue that comes to mind for me is the complexity you’re working with. In order to effectively troubleshoot the problem areas, we need you to simplify your setup as much as possible. First, remove anything from your .htaccess other than what is specified here. Also, for testing purposes, I need you to completely bypass Cloudflare. Using the hosts file method you mentioned above is fine since it does completely bypass their servers. But make sure you clear any local DNS caching and test the connection with a traceroute from your computer to your domain name to ensure it’s not touching the CloudFlare servers. No matter what rules you might use on Cloudflare itself to exclude certain files and whatnot, a website operating on multiple IPs is definitely going to cause issues for EE’s sessions.

Now, with those two things out of the way, are you still experiencing logout issues? If so, let’s go over those in detail, and don’t add the .htaccess stuff back in nor re-engage Cloudflare access while we’re troubleshooting. We want to remove complexity as we go. Does that make sense?

Hi Kevin,

ok I’ve done both those things. The traceroute is definitely bypassing Cloudflare.

However, changing the .htaccess has now broken the site - all urls within the site show the home page.

This is the .htaccess I’m using (I added back the no www to www in order to try to fix the break but that didn’t work)

<IfModule mod_rewrite.c>
RewriteEngine on

# no WWW to WWW
RewriteCond %{HTTP_HOST} !^www.eastsidecottages.co.uk$ [NC]
RewriteRule ^(.*)$ <a href="http://www.eastsidecottages.co.uk/$1">http://www.eastsidecottages.co.uk/$1</a> [R=301,L]

#Remove index.php
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
</IfModule>

Michael

Ok I just saw the note about adding in the ? to the rule for some servers.  Now the frontend is loading fine again. Interesting as I didn’t have that question mark in the rule in the original .htaccess file and yet it seemed to work anyway. 

My .htaccess file now reads as follows:

<IfModule mod_rewrite.c>
RewriteEngine on

# no WWW to WWW
RewriteCond %{HTTP_HOST} !^www.eastsidecottages.co.uk$ [NC]
RewriteRule ^(.*)$ <a href="http://www.eastsidecottages.co.uk/$1">http://www.eastsidecottages.co.uk/$1</a> [R=301,L]

#Remove index.php
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?/$1 [L]
</IfModule>

Ok Kevin, it’s behaving itself with the stripped down .htaccess and with Cloudflare bypassed.

Just un-bypassed Cloudflare again and retested. Everything fine to start with but then got logged off.  This happened twice over a 10 minute period. This is with the stripped down .htaccess file.

Hmm… And it’s consistently happening that often? Be on the lookout for an email from me. I’d like to take a first-hand look at this if at all possible.

Hi,

This may well have been answered elsewhere but I just faced a similar problem with Clouflare so thought I’d post here in the hope it may help somebody out one day. The problem for me seemed to be caused by all visitors having the same ip address because Cloudflare is essentially a proxy. On shared hosting I do not have the ability to install the apache module so I resolved the issue by adding the following code to the top of my index.php

if ($_SERVER["HTTP_CF_CONNECTING_IP"]) {
                 $_SERVER["REMOTE_ADDR"] = $_SERVER["HTTP_CF_CONNECTING_IP"];
}

Ref: https://cloudflare.tenderapp.com/kb/why-do-i-see-cloudflares-ips-in-my-server-logs-or-site-logs/how-do-i-get-original-visitor-ip-with-a-php-forum-site