Thread

Hi guys,

I opened this thread a while back about being constantly logged out at random on my website. Unfortunately this is still happening quite a bit, even after implementing some of the suggestions on there.

I am currently running v2.5.2 - Build Date: 20120606.

This is happening on both the front and back end of my website.  If I’m in the control panel, I sometimes get booted just by clicking one link after logging in. No error message, I’m just redirected back to the login screen.  Other times it can happen after I’ve tried to edit an entry or template (it takes me back to the login screen without saving my changes).

Same thing happens on the front-end of the site.  We have an area with some Safecracker forms, and it’ll kick people out just for trying to post or edit an entry. Sometimes just clicking a link will do the same thing.

It varies in frequency, but it is guaranteed to happen at least three times per day. Is there anything you can suggest to alleviate the issue?

Some additional info

- I have both control panel and user sessions set to ‘Cookies Only.’
- I’m on an Apache server at Rackspace
- No cookie prefix is setup
- This seems to happen in all browsers. IE 8 and 9 for sure, and I’ve had it happen in Safari and Firefox as well.
- Have tried clearing cache/cookies and selecting “auto-login on future visits”, same thing happens.

Thank you in advance!

We have the same situation.

EE v2.5.2 - Build Date: 20120606
PHP: 5.3.16
MySQL: 5.1.65

- I have both control panel and user sessions set to ‘Cookies Only.’
- I’m on an Rackspace cloud servers (CentOS 5 LAMP)
- No cookie prefix is setup
- No cookie path is setup
- Cookie domain is .(mydomain).com
- This seems to happen in all browsers. IE 8 and 9 for sure, and I’ve had it happen in Safari and Firefox as well.
- Have tried clearing cache/cookies and selecting “auto-login on future visits”, same thing happens.

We are getting a lot of reports of auto-log outs when using simple AJAX requests, but it happens seemingly randomly - across browsers and platforms.

.......

I’m aware of this bug report: https://support.ellislab.com/bugs/detail/17423

Would it be best to start there?

Hey mark186282,

Thanks for posting, glad I’m not the only one still having this issue!

Yeah, I had ended up at that Bug Thread as well. Kevin mentioned that if anyone was still having that issue to post a new bug report or forum thread.

it’s just spurious enough to be infuriating 😊

We’re getting reports from customers, which is the critical issue.

Another piece of data to add to the mix (may or may not be related, but might be helpful to know):

If I log in as another member (which we have to do occasionally to resolve minor situations), we almost always have to clear our cookies in order to log in again under our admin account.  When we do try to log in (both front-end and cp) we are returned to the login form without an error.  Clearing the cookies fixes this specific issue 100% of the time.

Hi gaarmaster,

Indeed, we still get reports of this problem. The good news is, a potential fix is being tested soon.

If you have any specifics that differ from the earlier bug report, pleas file a new one with those specifics or comment on the report with those. The more information we have, the better we can vet any fix.

Some things to check:
Are you consistent with the use of “www” in your domain?

Are you setting explicit cookie values in config.php or the Control Panel?

Are any affected users on rotating IP Addresses?

~

As Dan hints at with the question about rotating IP addresses, I would highly recommend commenting out the line mentioned in this post. As far as I know this check remains in place in the latest builds.

The issue is that there are a rediculous number of ways that a rotating IP address can occur - as illustrated by my response a few down from the linked reply.

Hi All,

How are things going? Does Airway’s post make sense and have you given it a go?

Cheers,

Hi Airways,

Thank you for the suggestion. I just checked the file that was mentioned in that link and we are already not doing an IP Address check in the fetch_session_data function. The only things in that array are session_id and user_agent.

Hi Dan,

- “www” is being used consistently throughout the site
- There are no explicit cookie values in config.php or the Control Panel
- As far as I know none of our users have rotating IP Addresses

I don’t know if this helps at all, but I was booted out of the CP while checking the cookie settings. This is the URL that appeared when I was kicked back to the login screen (changed the domain and system folder name for security reasons).

<a href="http://www.mydomain.com/system/index.php?S=0&D=cp&C=login&return=Qz1hZG1pbl9zeXN0ZW0mYW1wO009Y29va2llX3NldHRpbmdz">http://www.mydomain.com/system/index.php?S=0&D=cp&C=login&return=Qz1hZG1pbl9zeXN0ZW0mYW1wO009Y29va2llX3NldHRpbmdz</a>

Please let me know if there’s any other info you need.

Hi gaarmaster,

Be on the lookout for an email from me. I think it’ll be best if we can get some first-hand time with this one.

Just wanted to check to make sure you got my email. Do you need me to send it again, gaarmaster?

I’m getting reports of users getting this and I myself have been logged out multiple times now in EE v2.5.3 too. Can’t say I’m seeing any pattern though.

Hey CreativeZ,

Thanks for chiming in. I am sure Kevin will update the thread once he has some more information.

Thanks!

I have been experiencing this too in 2.5.3