Page 1 of 1

Cookie expiration. User can't stay logged in

Posted: Tue Jan 02, 2018 8:05 am
by super.user
Recently I got user's report. His sessions is expired in few days. But he should be logged for a longer time.
I checked cookie expiration in my browser. And it is approximately one year.
And "Remember Me" in security settings is set to 0.
What the problem could be here? Could anyone give some suggestions ?

Also, I can't understand explanation of "Remember Me" button:
Number of days after which "Remember Me" login keys are removed or zero to disable.
"or zero to disable" phrase.
It means disable expiration time(session will be live as long as it possible) ? or disable "remember me" function ?

Thanks =)

Re: Cookie expiration. User can't stay logged in

Posted: Tue Jan 02, 2018 9:57 am
by Mick
Please supply a link to your board.

Re: Cookie expiration. User can't stay logged in

Posted: Tue Jan 02, 2018 8:41 pm
by super.user
Here the link https://www.tracker-software.com/forum3/

and thanks for replay

Re: Cookie expiration. User can't stay logged in

Posted: Tue Jan 02, 2018 8:55 pm
by Brf
In your cookie settings you should have Secure Cookie set to "Enabled".

Re: Cookie expiration. User can't stay logged in

Posted: Wed Jan 03, 2018 6:32 am
by super.user
Thank you. I have just switched it =)

Could there be any other reason?

I also want to add:
Session length is set to 1800.

Re: Cookie expiration. User can't stay logged in

Posted: Wed Jan 03, 2018 1:22 pm
by Mick
I don't see any point you changing anything else, see how it goes first. The package works as is from installation in 99% of cases. Any type of cookie incorrectly set will give you this sort of issue.

Re: Cookie expiration. User can't stay logged in

Posted: Wed Jan 03, 2018 5:03 pm
by canonknipser
What is you session IP validation set to? If it is A.B.C (as default), set it to A.B or NONE

Some providers change IP-addresses of their customers quite often with new addresses in a different range, so when after 30 Minutes (as set in your session length) the new IP address does't match the first part of the old one and your member's session is invalid and the member is logged out.

Re: Cookie expiration. User can't stay logged in

Posted: Tue Jan 09, 2018 10:57 am
by super.user
My session IP validation set to NONE.
And I configured cookies settings according to the following article https://www.phpbb.com/support/docs/en/3 ... -settings/

Re: Cookie expiration. User can't stay logged in

Posted: Tue Jan 09, 2018 12:26 pm
by Mick
Your cookies are good now.

Re: Cookie expiration. User can't stay logged in

Posted: Tue Jan 09, 2018 5:45 pm
by Lumpy Burgertushie
and just FYI, the default session time is 60 minutes. 30 minutes ( your setting) is rather short.
also, when you are logged in, if you do not touch it for 30 minutes, you are logged out. as soon as you click on anything, it will log you back in
assuming you have the remember me box checked.

nobody stays logged in for days they just have the remember me box checked so that the board automatically logs them in when they visit the board or click on something after their session expires.

robert

Re: Cookie expiration. User can't stay logged in

Posted: Wed Jan 10, 2018 6:55 am
by super.user
Thanks for replay, Lumpy Burgertushie. :D
Users have already checked "Remember me" button. :(

I noticed following error log in maintenance tab: "Session IP/browser/X_FORWARDED_FOR check failed".
and I realized that in some case user's browser are changed.
How could that be possible?

Re: Cookie expiration. User can't stay logged in

Posted: Wed Jan 10, 2018 1:18 pm
by Mick
Have you tried it with prosilver?

Re: Cookie expiration. User can't stay logged in

Posted: Wed Jan 10, 2018 2:29 pm
by super.user
NO, I have not.
But after removing browser check in security settings it seems all work fine. But I don't think this is a good solution.

I also have found this topic.
viewtopic.php?f=46&t=943885
And we are using reCaptcha. Could it be related with this issue ?

Re: Cookie expiration. User can't stay logged in

Posted: Wed Jan 10, 2018 6:59 pm
by Mick
If you think it's reCaptcha, disable it and use Q&A instead, you'll soon know. The thing is, phpBB out of the box, doesn't suffer with cookie expiration from installation. There is the odd whoopsie where dots aren't placed in the right place but thousands don't have the issue. Try renaming your cookie to phpbb3_magtc and see what happens.

Re: Cookie expiration. User can't stay logged in

Posted: Mon Jan 15, 2018 12:00 pm
by super.user
OK. Thanks for replay =)