phpwcms Support Forum

I'm having a problem staying logged in to the admin backend. I've cleared my cookies and cache in both IE and FF and that hasn't seemed to help. I've also changed my db connection to be non-persistent to see if that made a difference.

It will take me sometimes 3 or 4 times to successfully log on. Then I'll click around a few places and then, randomly, be returned to the login dialog. I haven't been able to figure this out - any ideas?

Jared

I figured out what was going on here. This is a problem with my ISP. In the checklogin.inc.php script, a SQL update is happening at the top that expires any logged in sessions older than max_time seconds (1800). My ISP recently moved all of their hosted sites to a clustered solution - so at any given time my pages could be served up by one of 6 different machines. After some troubleshooting, I was able to see that each of the clustered servers is not in perfect time synch with one another. Therefore, checklogin.inc.php, when calculating the amount of time that had passed, was sometimes getting a negative number, and then was setting all sessions' logged_in field to zero.

At any rate, commenting out the lines in checklogin.inc.php has taken care of the issue for me for now, and I've logged a call with my ISP to take care of the issue asap.

Thanks,
Jared

I'm having the same issue. What lines did you comment out?

This is interesting, because there are a lot of threads about this.
I have the same issue and my ISP is also using clusters

Oliver - do you know what lines of code he is talking about ?

@jcheney; is your ISP Powweb ?

Here are the lines I commented out (I think - took a little digging back in my memory - this was some time ago):

They are in: phpwcms_1.2.1-DEV\include\inc_lib\checklogin.inc.php

//Aktualisieren der Userliste bzgl. der eingeloggten Zeit, Notfalls deaktivieren
//$sql = "UPDATE ".DB_PREPEND."phpwcms_userlog SET ";
//$sql .= "logged_in = 0, logged_change = '".time()."' ";
//$sql .= "WHERE logged_in = 1 AND ( ".time()." - logged_change ) > ".$phpwcms["max_time"];
//mysql_query($sql, $db);

Yes, mdgroot, my ISP is Powweb. Supposedly they have fixed the issue now - I've just never taken the time to go back and uncomment and check. Been too busy with my day job

Basically, the problem resulted from my ISP using clustered web servers that all serve up my pages - sometimes my pages are served up by serverA, sometimes by serverB, etc. depending on whatever rules they govern their cluster by. I would intermittently get logged out for no good reason - and finally tracked it down to the fact that the cluster members weren't synching their time (added some code to display timestamp and server hostname and noticed the time differences and different hostname on refreshes) - so I'd log on via serverA, but then later serverB would vend a page for me, at which point the code above would do a time check and think that I'd been idle for too long, or it would try to subtract a bigger number from a smaller one and thus get confused and just log me off. I just choose to comment out the above lines to prevent my login timestamp from being modified - essentailly saying I don't care if I've been idle for too long. I'm sure there's a more elegant solution but I was in a hurry.

I'm sure there may be security reasons for not doing it this way - it was a hack because I just wanted to get my web site content updated without logging in multiple times!

Hope that helps.

Love the CMS, Olivier - thanks for your work on it.

OK fine that this might be the solution.

Oliver

I was doing some research on the clustering thing and found that this is actually called 'load balancing'. I spoke with an former employee of Microsoft who is very familiar with this issue and was part of team who initiated load balancing for MS. Can't tell you much more than that for now.

Funny thing though...the commenting out of the code doesn't work for me. Maybe it needs to be commented out somewhere else?

Is it possible to store the session variable in the DB just before any major change occurs, then retrieve the latest session information so that no matter which server you're transferred to, the calculation can make reference to the latest stored information?

The checklogin script compares time of last user login and timeout against current time. Is "current time"-"login time" > "timeout" you will be logged off and session is destroyed. You have to disable the logout redirect...not the set new time after doing something. Each time checklogin is processed time is written into db and timeout starts at 0.

Oliver

Oliver, thanks for the clarification. After commenting the redirect portion out, the include/inc_act/act_structure.php page comes up blank in my browser because the session is empty. Is there a way to get back the session again without having to login again?

as I said: in include/inc_lib/checklogin.inc.php - this is where you have to set:

for multiple users: if only 1 editor: Oliver

Oliver - Thanks, but the condition for that code is implying that the session is not empty:

if(!empty($_SESSION["wcs_user"])) {

My problem is still occuring at the bottom of the script:

if(empty($_SESSION["wcs_user"])) {

and it wants to unset/destroy the session and redirect. If I comment this portion out I then receive a blank page.

when you are doing what I said - then the session will not be destroyed - so the redirect will not occure.

Oliver