Fast Running Blog
October 31, 2024, 04:52:45 pm *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: SMF - Just Installed!
 
   Home   Help Search Calendar Login Register FAST RUNNING BLOG  
Pages: [1]
  Print  
Author Topic: Browser Only Stays Logged in For a Few Hours  (Read 9226 times)
Steve P
Posting Member
***
Posts: 164


WWW
« on: June 04, 2009, 09:44:10 am »

I have found that I have to log in to the blog pretty much every time I want to log miles. This was a small annoyance before, but now that comments require a login, it has become more of an obstacle. I'm assuming this in place as a "security" measure for people who use public computers, but in my opinion, the annoyance factor is much greater than the potential (though probably miniscule) security benefits. Personally, I'm not worried about someone hacking into my account and adding more miles than I actually did or something like that.  Wink Maybe others are.

As an alternative, I would suggest a checkbox on the login for people to indicate whether they are at a public computer. If so, then they could be logged out after an hour or so. If not, they could stay logged in for a couple weeks (as in email services like GMail and Yahoo Mail).

Or maybe there's some way around this that I'm not noticing?
« Last Edit: June 04, 2009, 09:55:44 am by Steve P » Logged
Paul Petersen
Cyber Boltun
*****
Posts: 891



WWW
« Reply #1 on: June 04, 2009, 10:37:54 am »

I second that. A "stay logged in" checkbox would be great. Right now the login expires when the browser session is finished. Rather annoying for those that are used to Facebook, yahoo/google mail, and other apps.
Logged
Sasha Pachev
Administrator
Cyber Boltun
*****
Posts: 1546



WWW
« Reply #2 on: June 04, 2009, 01:05:59 pm »

It is a bug of some kind. For some reason sessions keep expiring after about 15 minutes. I have no clue why. It is very difficult to investigate because each try takes 15 minutes to know if you got the fix right, and at this point I do not even know where to start. I have checked the cookies that come to the browser and they are set to never expire. Possibly PHP session manager itself is losing the sessions, even though I thought I told it to not expire them. One idea is to try a custom session handler, that might do it. Will give it a try when I have a moment.
Logged
Steve P
Posting Member
***
Posts: 164


WWW
« Reply #3 on: June 04, 2009, 01:09:44 pm »

I'm don't know much about PHP, but I found a couple pages that say this type of thing was a bug in earlier (<=2.2) versions of PHP.

http://bugs.php.net/bug.php?id=43226

Not sure what version you're using, but that might be a potential cause.
Logged
Steve P
Posting Member
***
Posts: 164


WWW
« Reply #4 on: June 04, 2009, 01:11:42 pm »

Actually, as I read that page closer, it may not be what I thought it was. They're saying it could be something with the proxy, but I'm not sure what they mean by that.
Logged
Sasha Pachev
Administrator
Cyber Boltun
*****
Posts: 1546



WWW
« Reply #5 on: June 04, 2009, 02:22:36 pm »

After some RTFM (Read The Fine Manual) on how PHP sessions work I figured it out, I think. Setting session.gc_maxlifetime is meaningless after session_start() (which is what I was doing) , and is useless anyway for a number of reasons, especially on Ubuntu with default setup because on Ubuntu sessions are garbage collected from a cron but the value does come from php.ini. So I upped the session.gc_maxlifetime to 100 hours, let's see if that solves the problem. Report here if it does or not.
Logged
Steve P
Posting Member
***
Posts: 164


WWW
« Reply #6 on: June 05, 2009, 12:22:30 am »

I'm afraid to say it doesn't appear to be working for me still. If I log in, then close Firefox, then restart Firefox, then browse to http://stevep.fastrunningblog.com, it asks me to log in and doesn't have a link to my calendar. Do I need to go to a more precise URL? I'm sure you thought of this, but maybe the Web server needs to be restarted for the changes to take effect?
Logged
Sasha Pachev
Administrator
Cyber Boltun
*****
Posts: 1546



WWW
« Reply #7 on: June 06, 2009, 04:18:47 pm »

For this change the web server restart has no effect because the session garbage collection is done by a cron job outside the server.

If you restart the browser it loses the cookie unless you tell it to keep the cookies until they expire. What is the setting in Firefox under Edit->Preferences then look under Cookies Keep Unitl?
Logged
Steve P
Posting Member
***
Posts: 164


WWW
« Reply #8 on: June 08, 2009, 12:05:44 pm »

I'm using Firefox 3.0.10, so the Cookie settings were in a slightly different place than you mentioned. But it is (and has been) set to keep the cookies until they expire.

I have noticed that the cookies have been staying longer (more than a few hours), so it may be working better now, so I'll have to keep an eye on it.
Logged
Sasha Pachev
Administrator
Cyber Boltun
*****
Posts: 1546



WWW
« Reply #9 on: June 08, 2009, 03:25:45 pm »

They are set to time out after 60 hours.
Logged
Steve P
Posting Member
***
Posts: 164


WWW
« Reply #10 on: June 09, 2009, 10:40:35 am »

Seems to be working for me now both in Firefox and Google Chrome. My preference would be for the cookies to last for 1-2 weeks rather than 2.5 days (60 hours) for the reasons stated above.
Logged
Steve P
Posting Member
***
Posts: 164


WWW
« Reply #11 on: October 06, 2009, 09:46:17 pm »

My login seems to be expiring after a few hours again. I am using a new computer, so it might have something to do with that. But I have cookies enabled, and the configuration is the same as what I had on my old computer (Windows XP, Google Chrome).
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC Valid XHTML 1.0! Valid CSS!