Symphony.

I was able to narrow down the problem on my site to a single line of javascript in my front end template

I can’t imagine why a broken image url would have anything to do with the log out problem. How would that jQuery statement know whether there’s really an image behind the url or not?

But I have been paying more attention to the log out pattern on my site, and it isn’t as random as I’d thought. It seems to be triggered only by particular pages. I emptied the .xsl for those pages, and I still get logged out. So I don’t think it has anything to do with anything after the xml generation, and that would seem to nix any front end jQuery issues as the cause.

So, for me anyways, it is only triggered by particular front end pages, and it always occurs after a ?debug, ?debug=params, ?debug=result, or ?profile, and almost always when moving from the admin area to any front end page. Sometimes the ?debug type urls from the front end log me out without actually taking me to those pages.

Hmm:

• If it’s going to the wrong URL, that’d hit the Error Handler. Perhaps this is corrupting the Session
• If the problem occurs between Frontend and Administration, maybe they are doing something different in terms of checking if a User is logged in or not. I can already see a difference between the two renderer’s isLoggedIn function. The Administration accepts auth tokens of 6 or 8 in length, whereas the Frontend only works off 8 characters.

I updated an install a few days ago to 2.1 and since then I’ve been logged out once a day. It’s not as problematic as being logged out on each page refresh but something is really going wrong here.

In class.session.php can you comment out the contents of the garbage collection function(s) which delete rows from sym_sessions and see if that resolves the problem? The regex/queries for selecting rows has changed so I wonder if it’s deleting more than it should.

Is is correct that session_expires in the database is set to the exact login date and not to a time in the future?

Or are there any possible issues with timezones or daylight saving?

Yes, I think this has always been the case.

Are you seeing your session rows being deleted too soon?

I’ve got two sessions in my table: One from yesterday afternoon and another from this morning. I was logged out this morning as I was yesterday morning and yesterday afternoon (I guess at the time stored in the first session).

I’ve got a session cookie as well which will expire on August, 18th 2010, 8:51am. If the session lifetime is 14 days this cookie was correctly build yesterday morning.

Nevertheless, I was not recognized as logged-in user since I’ve updated to Symphony 2.1 once in a while.

P. S.: Maybe I should note that I access the site from different computers. Nevertheless the session settings on one device should not be interfering with another device.

AFAIK you should automatically get logged out when your cookie expires. The cookie only saves the PHPSESSID which relates the cookie with a session row in the sym_sessions table. The session_expires field in that table saves the time of the last request from a user agent the has a cookie with the corresponding PHPSESSID cookie. And you also should automatically get logged out when the garbage collector comes and finds a row in the sym_sessions table that is either older than some amount of time or empty. The time value for the first condition is time() - $max, the current time - the value of $max. Where is $max set, or is it automatically set in the environment? To check for empty session rows Symphony uses this '^([^}]+\|a:0:{})+$' SQL REGEX condition. The condition was changed from a similar WHERE statement to this REGEX statement in Symphony 2.1.

The first choices for debugging are to check both conditions, by printing out the query or time or to check if the REGEX accidentally finds more sessions than it should.

How do the values in your session_data field look like? The logout-bug in the Symphony 2.08RC was caused by a to loose garbage collection. It just checked for an empty serialized array at the end of session_data field.

I guess the problem might be related to switching computers as I access the page from work as well as from home and if I look back I always have been logged out after switching places.

This is how the sessions in the database look like:

c953d78e7a740645e2c94cad34846604
1280934749
sym-|a:2:{s:8:"username";s:4:"Username";s:4:"pass";s:40:"43d6a65ccb04c79d4c9c7d42d0c605c29164f71d";}

4e21c72bd40b8d7f39b56b7b77dfded8
1280991360
sym-|a:2:{s:8:"username";s:4:"Username";s:4:"pass";s:40:"43d6a65ccb04c79d4c9c7d42d0c605c29164f71d";}

This is how the cookie looks like:

<dict>
    <key>Created</key>
    <real>302597507.384013</real>
    <key>Domain</key>
    <string>mydomain.de</string>
    <key>Expires</key>
    <date>2010-08-18T06:51:46Z</date>
    <key>Name</key>
    <string>PHPSESSID</string>
    <key>Path</key>
    <string>/mypath</string>
    <key>Value</key>
    <string>4e21c72bd40b8d7f39b56b7b77dfded9</string>
</dict>

I’ll check this again on my computer at home later this afternoon and see if anything changes.

I have a 2.1.0 install with the default workspace that I have been modifying.. I’ve had this problem since installation, and have been watching this thread since.

For me, if I login to the backend, I am instantly logged out if I access the front end at all. Very frustrating, cause I can’t even get to /?debug.. Sure you can all imagine some of the difficulties I’m running into without that. :)

I am not sure if this has been introduced in 2.1. I have a 2.0.8 installation where I can not access “admin” pages when I am logged in. There might be some correlation…

What browser are you using?

I would love to be able to reproduce it to debug it, but so far no luck.

This issue is continuing to occur for me.

My environment: Symphony 2.1.0 (new install), Vista, WampServer, Firefox 3.6.8

It seems to occur when I have an error on the public facing portion of the site that I’m developing. For example, I have a Data Source and a Page that requires a URL parameter : (e.g. http://localhost/blue/portfolio-single/entry) and I forget to provide the entry parameter (e.g. http://localhost/blue/portfolio-single/) All that is presented on the front end is a blank page when I visit this incorrect URL

When I go to navigate in the admin (e.g. Select Blueprints->Components) I find myself at the login screen.

What is interesting is that I then login and I find myself at http://localhost/blue/symphonyprints/components) Notice that the URL has been mangled and should read http://localhost/blue/symphony/blueprints/components).

When I fix the URL I am back in the admin screen and able to interact again.

The admin functions work perfectly fine as long as I don’t cause an error issue during my development. Also, I can interact with the front end (refresh, visit different pages, etc.) without being logged out (as long as none of my front end pages don’t have any errors, such as improper URLs, image paths, etc.)

I’ve developed sites with 2.0.7 and 2.0.8RC3 before and never had this issue occurring during development.

Many people are experiencing login/logout problems, but most of them are different in nature. This suggests to me that something random is occurring. And I think it is a function of the hosting installation. My public site has the problem but my local development site does not.

Earlier today I changed session.gc_divisor to 1 in class.session.php in order to force session garbage collection. I then changed it back to 3. For most of the day after that it kept me logged in even when I restarted my browser. But now it is back to logging me out when I leave the site.

Now I’m going to set session.gc_divisor back to 1 and leave it that way for a day or two to see what happens.

I exported my ensemble and moved it to a Linux install (Ubuntu 9.10) with Firefox 3.6.8. I performed the same error condition as I described in my previous posting and the logout issue did not occur. Everything worked as expected (presented with a page not found in the front end and stayed logged in the admin side.

So it appears to be specific to my Windows development box and isn’t occurring on my Linux install.

@bluecube - My local site, which is working correctly, is on Ubuntu 10.04 and I’m using Firefox 3.6.8.

More strangeness. This time, setting session.gc_divisor to 1 in class.session.php didn’t force garbage collection. I had to set it to 1 in the site php.ini file. So far it hasn’t logged me out.

@wisolman: What OS does your public site use? If it’s a windows host, that could mean it’s a windows issue.

@bluecube: Can you share your ensemble? Maybe that will trigger the error here. I am using windows aswell, but I can’t reproduce any login/logout issues.

Can everyone having login issues report their PHP version numbers here? Thanks.

System: Windows XP & Vista

XAMPP: Apache/2.2.12,PHP/5.3.0