Logout with no reason

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
vmNav2
Registered User
Posts: 17
Joined: Thu Oct 19, 2017 2:44 pm

Logout with no reason

Post by vmNav2 »

Support Request Template
What version of phpBB are you using? phpBB 3.2.2
What is your board's URL? https://forum.navigraph.com
Who do you host your board with? Amazon AWS
How did you install your board? I used the download package from phpBB.com
What is the most recent action performed on your board? Fresh Install
Is registration required to reproduce this issue? No
Do you have any MODs installed? No
Do you have any extensions installed? No
What styles do you currently have installed? default
What language(s) is your board currently using? eng
Which database type/version are you using? PostgreSQL
What is your level of experience? Comfortable with PHP and phpBB
What actions did you take (updating your board; installing a MOD, style or extension; etc.) prior to this problem becoming noticeable? No answer given
Please describe your problem. Sometimes user logged out without any reason. "Sometimes" means its very difficult to reproduce. I checked all settings for cookies and sessions - looks OK. And for 90% of sessions everything works fine but sometimes users complain about the logout issue.
It might be important that we host our forum on AWS and right now it works like this:
User -> Load Balancer -> Web server.
I see in session_keys table IP address for the Load Balancer (not for user) and the IP changes very often.
Anyway, any ideas why user is logged out sometimes?
Generated by SRT Generator
Last edited by vmNav2 on Wed Jun 20, 2018 1:30 pm, edited 1 time in total.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26455
Joined: Fri Aug 29, 2008 9:49 am

Re: Logout with no reason

Post by Mick »

It appears the address of your board is https://forum.navigraph.com please note https and therefore you need to enable cookie secure. Also, you need to put a redirect in your .htaccess file to direct everything to https.

See Knowledge Base - Fixing incorrect cookie settings

This redirect should work for you, add it to .htaccess:

Code: Select all

#Rewrite everything to https
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
DON’T duplicate RewriteEngine on when you edit .htaccess.

If you’re not sure about this speak to your host.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
vmNav2
Registered User
Posts: 17
Joined: Thu Oct 19, 2017 2:44 pm

Re: Logout with no reason

Post by vmNav2 »

This is already done in web server configuration for permanent redirect http -->https. I fixed the initial post
So my issue is the same as before - strange logout for <10% sessions
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26455
Joined: Fri Aug 29, 2008 9:49 am

Re: Logout with no reason

Post by Mick »

Mick wrote: Wed Jun 20, 2018 1:23 pmyou need to enable cookie secure
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
vmNav2
Registered User
Posts: 17
Joined: Thu Oct 19, 2017 2:44 pm

Re: Logout with no reason

Post by vmNav2 »

Mick wrote: Wed Jun 20, 2018 1:42 pm
Mick wrote: Wed Jun 20, 2018 1:23 pmyou need to enable cookie secure
Maybe I don't understand this part in cookie settings:
If your server is running via SSL set this to enabled else leave as disabled. Having this enabled and not running via SSL will result in server errors during redirects.
So in my configuration AWS Load Balancer works with web server via http. It works like this:

User <--https---> Load Balancer <--http--> Web server

I want to confirm one more time - should I really to enable cookie secure. If answer is yes, could you provide more details about why? Thank you!
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26455
Joined: Fri Aug 29, 2008 9:49 am

Re: Logout with no reason

Post by Mick »

Yes. If you don’t enable cookie secure and your site is served over https users won't be able to stay logged in as the browser won’t be receiving the correct information. Anyway, try it, if it doesn’t work for you you can change it back.

No idea about load balancers.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
vmNav2
Registered User
Posts: 17
Joined: Thu Oct 19, 2017 2:44 pm

Re: Logout with no reason

Post by vmNav2 »

Still the same issue - users still complain. All your recommendations for cookie settings already applied. Any ideas about next step/thing to check?
Thank you
User avatar
janus_zonstraal
Registered User
Posts: 6414
Joined: Sat Aug 30, 2014 1:30 pm

Re: Logout with no reason

Post by janus_zonstraal »

Could it be your "Loadbalancer" ?
I read on the Wikipedia:
Persistence

An important issue when operating a load-balanced service is how to handle information that must be kept across the multiple requests in a user's session. If this information is stored locally on one backend server, then subsequent requests going to different backend servers would not be able to find it. This might be cached information that can be recomputed, in which case load-balancing a request to a different backend server just introduces a performance issue.[7]

Ideally the cluster of servers behind the load balancer should be session-aware, so that if a client connects to any backend server at any time the user experience is unaffected. This is usually achieved with a shared database or an in-memory session database, for example Memcached.

One basic solution to the session data issue is to send all requests in a user session consistently to the same backend server. This is known as persistence or stickiness. A significant downside to this technique is its lack of automatic failover: if a backend server goes down, its per-session information becomes inaccessible, and any sessions depending on it are lost. The same problem is usually relevant to central database servers; even if web servers are "stateless" and not "sticky", the central database is (see below).
Sorry! My English is bat ;) !!!
vmNav2
Registered User
Posts: 17
Joined: Thu Oct 19, 2017 2:44 pm

Re: Logout with no reason

Post by vmNav2 »

janus_zonstraal wrote: Sun Jun 24, 2018 11:06 amCould it be your "Loadbalancer" ?
To "blame" the LoadBalancer is the very first idea I had to be honest. In the end, we could reproduce the issue with only web-server. I mean there is the only web-server "after" the load balancer and there is no any DB/cache to share between web-servers. My plan is to exclude the LoadBalancer even though I am almost sure this is not the reason - just to exclude it as the cause. Any other ideas? Any debug/log on client side with browser dev tools? Thank you
Last edited by Mick on Mon Jun 25, 2018 7:50 am, edited 1 time in total.
Reason: Removed unnecessary whole post quote.
User avatar
Brf
Support Team Member
Support Team Member
Posts: 53379
Joined: Tue May 10, 2005 7:47 pm
Location: {postrow.POSTER_FROM}
Contact:

Re: Logout with no reason

Post by Brf »

vmNav2 wrote: Wed Jun 20, 2018 10:45 am Is registration required to reproduce this issue? No
How would one reproduce being logged out with having a registered account?
vmNav2
Registered User
Posts: 17
Joined: Thu Oct 19, 2017 2:44 pm

Re: Logout with no reason

Post by vmNav2 »

Brf wrote: Mon Jun 25, 2018 1:11 am
vmNav2 wrote: Wed Jun 20, 2018 10:45 am Is registration required to reproduce this issue? No
How would one reproduce being logged out with having a registered account?
Registration is closed on the forum so answer "Yes" is wrong but "No" is also not true - a bit confusing, sorry about that. Anyway I created test account which you could use to reproduce: phpbbtestlogout/phpbbtestlogout1 - this is the test credentials. As I said before to reproduce is not so easy and I still don't know to do it step by step - and this is my main problem. Thank you
User avatar
GanstaZ
Registered User
Posts: 1187
Joined: Wed Oct 11, 2017 10:29 pm
Location: GZOverse

Re: Logout with no reason

Post by GanstaZ »

If all settings are set and correct, then only way to reproduce it is by testing all browsers (older versions).
Usus est magister optimus! phpBB pre-Triton & latest php environment.
When answer lies in the question, question becomes redundant!
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26455
Joined: Fri Aug 29, 2008 9:49 am

Re: Logout with no reason

Post by Mick »

The cookie settings are correct.

One more thing you can try is adding a dot at the beginning of your Cookie domain like .forum.navigraph.com. It works in some cases.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
Post Reply

Return to “[3.2.x] Support Forum”