Jump to content

Recommended Posts

I have 500 users using software I have developed, and 495 do not have a timeout problem.  Our default is to timeout after 60 minutes, but one particular office times out randomly and without warning.  The normal procedure is, like online banking, a pop up comes up to let them know they will be logged out in 60 seconds, or they can click continue to stay logged in.

 

The timer is based on JS, but on each page load a PHP function checks to see if they are timed out, and if they are, redirect them to the login page.  The JS pop up never occurs, so obviously the countdown hasn't happened, but when they click on a link, they are redirected to the login page.

 

Since the issue only occurs in one office, it leads me to believe it is a firewall or anti-virus issue, but I'm not sure...

 

Anyone have any thoughts on this?

Link to comment
https://forums.phpfreaks.com/topic/291279-session-timeout-issue/
Share on other sites

I don't have access to the location, so I can't really troubleshoot their location, however, I have told them that it is something in their office and to look into their firewall and anti-virus.

 

As to JS not being enabled, the site his heavily js reliant.  To the point that the homepage won't load unless JS is enabled.

sessions "going away" when navigating between pages or submitting forms is usually due to the host-name/sub-domain (the www.) in the url changing and the session.cookie_domain setting isn't set up to match all variations of the domain name, so that the session only matches the variation of the domain where it was created. this actually results in two different sessions for the visitor.

 

one way this could affect only one location is if they have a common link they were given that they use to access the site, that has one variation of the host-name/sub-domain, but the site itself uses links/form-actions that have a different variation of the host-name/sub-domain.

 

so, what is the session.cookie_domain setting for the site and/or is it redirecting requests without the www. on them to urls with the www on them?

Good thought, but I was holding back a twist.  The 500 users are spread across three sub-domains (the one having the issue has roughly 60 of those users), the format is sub.domain.com.  By typing www. to the front of the url actually sends you to an error page.

 

Just for fun, I tried modifying the URL in different ways that are still valid, and it didn't log me out...

 

Another side note,  I use ajax to load each page into container div, so the entire page only loads on the initial log in (or when the page is refreshed), I use JS to update the url on a "new page load" like  sub.domain.com/#new_page_name

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.