- This topic has 9 replies, 3 voices, and was last updated 11 years, 2 months ago by
.
-
Posts
-
Hi,
I have been experiencing this for a very long time but it’s now very inconveniencing for our members. eMember is logging out members after about 5 – 10 minutes of logging in.
I have set the “Logout the Member After XX Minutes” to 180 (3 hours) but it doesn’t work. I have also left the box empty or used 0 so it doesn’t logout at all, but it still won’t work.
We are offering courses on the site and members are complaining of having to log back into membership after every 5 – 10 minutes.
Not sure what’s happening and can’t find any solution within the forum.
Please help. Thanks
I don’t think this has anything do with the “Logout the Member After XX Minutes” feature. I am pretty sure the PHP Session on your server is prematurely getting erased every 5 or 10 minutes. This is a PHP setting on your server that your web host can help with. Have a look at the folloiwng post which has more details on it:
https://support.tipsandtricks-hq.com/forums/topic/session-logging-out-after-about-20-minutes
After several back and forth emails, tweaking and adjusting settings in the server and all, this is what my host company finally sent to me. Please read below and let me know what to do next:
Hello,
I noticed that unlike normal php_session management that is handled by writing the cookie to /tmp on the linux filesystem, your plugin is controlling browser/session cookies in a mysql table, jeffrey6_sessions –
I captured this strace output which is an example of your site updating a cookie in its internal session management,
04:27:15 write(3, “21343nttUPDATE jeffrey6_sessionsnttSET data = ‘session_value|s:32:\”89f6f7d54d115d3a8ed7c919da2eb0c1\”;session_var|s:11:\”c5747394a08\”;robot_check|i:1352543216;mc|a:7:{s:4:\”time\”;i:1352543216;s:2:\”id\”;i:0;s:2:\”gq\”;s:3:\”0=1\”;s:2:\”bq\”;s:3:\”0=1\”;s:2:\”ap\”;a:0:{}s:2:\”mb\”;a:0:{}s:2:\”mq\”;s:3:\”0=1\”;}ban|a:5:{s:12:\”last_checked\”;i:1352543235;s:9:\”id_member\”;i:0;s:2:\”ip\”;s:13:\”142.4.117.137\”;s:3:\”ip2\”;s:13:\”142.4.117.137\”;s:5:\”email\”;s:0:\”\”;}log_time|i:1352543234;timeOnlineUpdated|i:1352543216;last_read_topic|i:67373;post_vv|a:5:{s:5:\”count\”;i:1;s:6:\”errors\”;i:0;s:8:\”did_pass\”;b:0! ;s:1:\”q\”;a:1:{i:0;s:1:\”1\”;}s:4:\”code\”;s:6:\”HDWFMK\”;}forms|a:0:{}old_url|s:50:\”http://nbmuk.com/forums/index.php?action=register2\”;USER_AGENT|s:129:\”Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5 Comodo_Dragon/19.2.0.0\”;register_vv|a:5:{s:5:\”count\”;i:3;s:6:\”errors\”;i:2;s:8:\”did_pass\”;b:0;s:1:\”q\”;
I noticed this after first looking to ensure my session cookie had been written to the filesystem somewhere, when it wasn’t in the in regular /tmp or in the WordPress directory, I had to realize that this is why earlier settings to php.ini which would have altered default session handling weren’t going to be useful.
[root@gator642 /home/jeffrey6/public_html/trafficsourcesreviews.com]# find /tmp -type f -iname “aa68c65b05bed7bc7b82f95c6c7ec5cd”
[root@gator642 /home/jeffrey6/public_html/trafficsourcesreviews.com]# find . -type f -iname “aa68c65b05bed7bc7b82f95c6c7ec5cd”
I have no idea what this guy is talking about unfortunately. A plugin never tells PHP where to write the session value. A plugin tells PHP that it needs to store a value in the session or in a cookie. PHP will store it and do whatever it needs/wants to according to the server’s config. Where the session is stored doesn’t matter for what we are talking about anyway. We are seeing that the values are getting lost every 5-10 minutes consistently which indicates that there is some sort of a timer somewhere which is clearing those session or cookie values. This “session or cookie value getting lost” is external to the plugin because if it wasn’t then this same behavior would be present in thousands of other sites using eMember. It may not be a PHP session issue but something on this server is destroying those values from the session or cookie every so many minutes otherwise there is no way to see the behavior you saw.
Just to clear it a little more… eMember plugin doesn’t control how php session is stored. what it does is, it asks php to initiate session by calling session_start() function. then it calls session_id(). this function return the id of currently active session. eMember uses this session id to track users. but eMember doesn’t have any clue on where php manages this id. if this id gets destroyed, then eMember will log that user out. as the log indicates, you must have some other software that is controlling the session. that ” jeffrey6_sessions” mysql table is no related to eMember. the log data also doesn’t make sense with respect to eMember.
hope this helps.
Thank you both for the contribution. I perfectly understand your points. I will take this now to the host and let you know what happens next.
Thanks
Just a quick update so you know how far we have gone to resolve the issue.
The host company finally resolved the issue from their end but after that we were still getting the logout after 30 minutes or so. However, when I turned off the option without putting any time, it started working well.
Here’s what the host company sent:
I would like to summarize the changes that were made for both your records and ours.
While the changes were properly made in your /home/jeffrey6/public_html/trafficsourcesreviews.com/php.ini file, they were not being read properly. Changing to PHP 5.3 also changed the location of the configuration file being read. I have gone ahead and moved /home/jeffrey6/public_html/trafficsourcesreviews.com/php.ini to /home/jeffrey6/php.ini and made the appropriate changes for PHP5.3.
Thanks
Hi,
(PLEASE READ THE ENTIRE MESSAGE AS IT CONTAINS EVERYTHING I HAVE BEEN DISCUSSING WITH THE HOST)
I have raised this before and the problem has re-occured again and based on the answers below, I contacted the host and this is what they sent to me:
==============================================
Hello,
Below are the current session values on the server, i did see that you have several custom php.ini’s, but they are all renamed so that none of them are taking effect. Please advise which parameter you would like changed and to which value, and i will get your php.ini file created.
Thank You.
[root@gator3303 /home/jeffrey6/public_html]# php -i | grep session
session
session.auto_start => Off => Off
session.bug_compat_42 => On => On
session.bug_compat_warn => On => On
session.cache_expire => 180 => 180
session.cache_limiter => nocache => nocache
session.cookie_domain => no value => no value
session.cookie_httponly => Off => Off
session.cookie_lifetime => 0 => 0
session.cookie_path => / => /
session.cookie_secure => Off => Off
session.entropy_file => no value => no value
session.entropy_length => 0 => 0
session.gc_divisor => 100 => 100
session.gc_maxlifetime => 1440 => 1440
session.gc_probability => 1 => 1
session.hash_bits_per_character => 4 => 4
session.hash_function => 0 => 0
session.name => PHPSESSID => PHPSESSID
session.referer_check => no value => no value
session.save_handler => files => files
session.save_path => /tmp => /tmp
session.serialize_handler => php => php
session.use_cookies => On => On
session.use_only_cookies => Off => Off
session.use_trans_sid => 0 => 0
[root@gator3303 /home/jeffrey6]# ls -l | grep php.ini
-rw-r–r– 1 jeffrey6 jeffrey6 39505 Nov 13 2012 php.ini.bad
-rw-r–r– 1 jeffrey6 jeffrey6 39147 Nov 7 2012 php.ini.good
-rw-r–r– 1 jeffrey6 jeffrey6 39563 Dec 5 2012 php.ini_HGBAK
-rw-r–r– 1 jeffrey6 jeffrey6 39092 Oct 26 2012 php.ini.hgbak-OHW-19813922
===========================================
Then our wordpress developer suggested I send this to them:
Here’s the parameter:
session.gc_maxlifetime => 1440 => 1440
session.cookie_lifetime => 0 => 0
What we want is to make it 24 hours if possible. Once user logs in, they should stay login for 24 hours. If this is not possible, then disable it so it doesn’t logout at all.
============================================
Then their response:
I have set PHP gc maxlife to 24 hours. This really should not be set to never time out as its possible that stale session IDs will never get deleted and can eventually exhaust inode space.
If you are still seeing sessions expire prematurely, I would suggest investigating your website configuration as well.
==============================================
But the problem has persisted logging out just after 15-20 minutes irrespective of whether you are using the site or not. So I contacted them again and below is their response:
I have seen problems before like this when a site uses the global session directory, though it is rather rare. I have set the session directory in your PHP configuration to one under your account. If anything, it will also help us to make sure it’s not just the session file getting cleaned out prematurely for some reason. If the problem remains, please let us know and we will be glad to look further into this.
I see that session.gc_maxlifetime is still configured for 24 hours. I highly recommend contacting your plugin developer to see what may be causing this, as this does not appear to be a server configuration issue. If you need any other PHP settings changed, please advise.
========================================
JEFF
Hi Jeff, I will give you a few facts
This plugin is being used by thousands of users. So if we had an issue whereby users just couldn’t stay logged in, we would know for sure. It is a core functionality… there is no way we can have a plugin out there where the core functionality is broken.
You could take this plugin right now and put it on a server (from another hosting company) and you WILL NOT see this issue.
You mentioned this issue a while back, your host fixed some stuff and it started working. If the plugin had the issue in its code why would it ever work?
With that said, I will jump on your site and do a settings check too. I have sent you an email to get access.
- You must be logged in to reply to this topic.