I'm having a problem staying logged in to the admin backend. I've cleared my cookies and cache in both IE and FF and that hasn't seemed to help. I've also changed my db connection to be non-persistent to see if that made a difference.
It will take me sometimes 3 or 4 times to successfully log on. Then I'll click around a few places and then, randomly, be returned to the login dialog. I haven't been able to figure this out - any ideas?
Jared
cannot stay logged in
I figured out what was going on here. This is a problem with my ISP. In the checklogin.inc.php script, a SQL update is happening at the top that expires any logged in sessions older than max_time seconds (1800). My ISP recently moved all of their hosted sites to a clustered solution - so at any given time my pages could be served up by one of 6 different machines. After some troubleshooting, I was able to see that each of the clustered servers is not in perfect time synch with one another. Therefore, checklogin.inc.php, when calculating the amount of time that had passed, was sometimes getting a negative number, and then was setting all sessions' logged_in field to zero.
At any rate, commenting out the lines in checklogin.inc.php has taken care of the issue for me for now, and I've logged a call with my ISP to take care of the issue asap.
Thanks,
Jared
At any rate, commenting out the lines in checklogin.inc.php has taken care of the issue for me for now, and I've logged a call with my ISP to take care of the issue asap.
Thanks,
Jared
Same Problem
I'm having the same issue. What lines did you comment out?
Here are the lines I commented out (I think - took a little digging back in my memory - this was some time ago):
They are in: phpwcms_1.2.1-DEV\include\inc_lib\checklogin.inc.php
//Aktualisieren der Userliste bzgl. der eingeloggten Zeit, Notfalls deaktivieren
//$sql = "UPDATE ".DB_PREPEND."phpwcms_userlog SET ";
//$sql .= "logged_in = 0, logged_change = '".time()."' ";
//$sql .= "WHERE logged_in = 1 AND ( ".time()." - logged_change ) > ".$phpwcms["max_time"];
//mysql_query($sql, $db);
Yes, mdgroot, my ISP is Powweb. Supposedly they have fixed the issue now - I've just never taken the time to go back and uncomment and check. Been too busy with my day job
Basically, the problem resulted from my ISP using clustered web servers that all serve up my pages - sometimes my pages are served up by serverA, sometimes by serverB, etc. depending on whatever rules they govern their cluster by. I would intermittently get logged out for no good reason - and finally tracked it down to the fact that the cluster members weren't synching their time (added some code to display timestamp and server hostname and noticed the time differences and different hostname on refreshes) - so I'd log on via serverA, but then later serverB would vend a page for me, at which point the code above would do a time check and think that I'd been idle for too long, or it would try to subtract a bigger number from a smaller one and thus get confused and just log me off. I just choose to comment out the above lines to prevent my login timestamp from being modified - essentailly saying I don't care if I've been idle for too long. I'm sure there's a more elegant solution but I was in a hurry.
I'm sure there may be security reasons for not doing it this way - it was a hack because I just wanted to get my web site content updated without logging in multiple times!
Hope that helps.
Love the CMS, Olivier - thanks for your work on it.
They are in: phpwcms_1.2.1-DEV\include\inc_lib\checklogin.inc.php
//Aktualisieren der Userliste bzgl. der eingeloggten Zeit, Notfalls deaktivieren
//$sql = "UPDATE ".DB_PREPEND."phpwcms_userlog SET ";
//$sql .= "logged_in = 0, logged_change = '".time()."' ";
//$sql .= "WHERE logged_in = 1 AND ( ".time()." - logged_change ) > ".$phpwcms["max_time"];
//mysql_query($sql, $db);
Yes, mdgroot, my ISP is Powweb. Supposedly they have fixed the issue now - I've just never taken the time to go back and uncomment and check. Been too busy with my day job
Basically, the problem resulted from my ISP using clustered web servers that all serve up my pages - sometimes my pages are served up by serverA, sometimes by serverB, etc. depending on whatever rules they govern their cluster by. I would intermittently get logged out for no good reason - and finally tracked it down to the fact that the cluster members weren't synching their time (added some code to display timestamp and server hostname and noticed the time differences and different hostname on refreshes) - so I'd log on via serverA, but then later serverB would vend a page for me, at which point the code above would do a time check and think that I'd been idle for too long, or it would try to subtract a bigger number from a smaller one and thus get confused and just log me off. I just choose to comment out the above lines to prevent my login timestamp from being modified - essentailly saying I don't care if I've been idle for too long. I'm sure there's a more elegant solution but I was in a hurry.
I'm sure there may be security reasons for not doing it this way - it was a hack because I just wanted to get my web site content updated without logging in multiple times!
Hope that helps.
Love the CMS, Olivier - thanks for your work on it.
-
Oliver Georgi
- Site Admin
- Posts: 9928
- Joined: Fri 3. Oct 2003, 22:22
- Location: Dessau-Roßlau
- Contact:
Funny thing though...the commenting out of the code doesn't work for me. Maybe it needs to be commented out somewhere else?
Is it possible to store the session variable in the DB just before any major change occurs, then retrieve the latest session information so that no matter which server you're transferred to, the calculation can make reference to the latest stored information?
Is it possible to store the session variable in the DB just before any major change occurs, then retrieve the latest session information so that no matter which server you're transferred to, the calculation can make reference to the latest stored information?
-
Oliver Georgi
- Site Admin
- Posts: 9928
- Joined: Fri 3. Oct 2003, 22:22
- Location: Dessau-Roßlau
- Contact:
The checklogin script compares time of last user login and timeout against current time. Is "current time"-"login time" > "timeout" you will be logged off and session is destroyed. You have to disable the logout redirect...not the set new time after doing something. Each time checklogin is processed time is written into db and timeout starts at 0.
Oliver
Oliver
-
Oliver Georgi
- Site Admin
- Posts: 9928
- Joined: Fri 3. Oct 2003, 22:22
- Location: Dessau-Roßlau
- Contact:
as I said: in include/inc_lib/checklogin.inc.php - this is where you have to set:
for multiple users:
if only 1 editor:
Oliver
for multiple users:
Code: Select all
/*
if(!empty($_SESSION["wcs_user"])) {
$sql = "SELECT COUNT(*) FROM ".DB_PREPEND."phpwcms_userlog ";
$sql .= "WHERE logged_user='".aporeplace($_SESSION["wcs_user"])."' AND logged_in=1";
if($check = mysql_query($sql, $db)) {
if($row = mysql_fetch_row($check)) {
if($row[0] == 0) {
unset($_SESSION["wcs_user"]);
} else {
$sql = "UPDATE ".DB_PREPEND."phpwcms_userlog SET ";
$sql .= "logged_change=".time()." WHERE ";
$sql .= "logged_user='".aporeplace($_SESSION["wcs_user"])."' AND logged_in=1";
mysql_query($sql, $db);
}
mysql_free_result($check);
}
}
}
*/Code: Select all
//unset($_SESSION["wcs_user"]);
Oliver - Thanks, but the condition for that code is implying that the session is not empty:
My problem is still occuring at the bottom of the script:if(!empty($_SESSION["wcs_user"])) {
and it wants to unset/destroy the session and redirect. If I comment this portion out I then receive a blank page.if(empty($_SESSION["wcs_user"])) {
-
Oliver Georgi
- Site Admin
- Posts: 9928
- Joined: Fri 3. Oct 2003, 22:22
- Location: Dessau-Roßlau
- Contact: