We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Change auto-logout time? | Forum

Topic location: Forum home » Support » General Questions
allyn
allyn Sep 24 '14
Maybe I'm missing something but I frequently have to log in to my Oxwall site after having been away a few hours despite having the "Remember me" box checked on the signin page.

Is there any way to change this relatively short auto-logout?  Facebook never (or very rarely) asks me to log in again.  I'd like similar behavior for my Oxwall site.  I am running Oxwall 1.7.1.

Thanks.
ross Team
ross Sep 24 '14
Does your browser saves cache and cookies? Check your browser settings. 
allyn
allyn Sep 25 '14
I don't think that's the problem.  Other sites like Facebook work just fine.

What causes Oxwall to think the session needs reauthenticating?
ross Team
ross Sep 25 '14
It's a cron job, that logs out all inactive user after 30 minutes of inactivity. 


the function is in ow_system_plugins/base/bol/user_service.php


 public function deleteExpiredOnlineUsers()    {        $timestamp = time() - 30 * 60; //30 minutes
        $this->userOnlineDao->deleteExpired($timestamp);

tammy harris
tammy harris Sep 25 '14
users should not be logged out by cron if they select remember me 

that cron code should only log out users that just close there browsers with out clicking log out button, well not actually log them out just as offline 

all users that select remember me should auto into the site anytime they visit until they click the log out button then next time they have to login 
The Forum post is edited by tammy harris Sep 25 '14
tammy harris
tammy harris Sep 25 '14
function deleteExpiredOnlineUsers()

should turn online users to offline users at set time frame
allyn
allyn Sep 28 '14
I don't think this has anything to do with online/offline.  This is about getting bounced to the login screen when trying to refresh the site already open in a browser tab.

I think the problem is happening most often with the Chrome browser on my Android phone and tablet.  I think I am getting the login screen after about 12 hours of non-use even though I have "Remember me" checked.

Firefox on Windows does not seem to have the same issue.

Any tips on debugging this?  Chrome on Android doesn't allow examinations of the cookies as far as I know.  If I enable debugging in Oxwall, where does the log go?
The Forum post is edited by allyn Sep 28 '14
ross Team
ross Sep 29 '14
There's no such logging after enabling debug mode. It displays live errors in the browsers, however server should have error logs, check your CPanel or FtP


Allyn, first, please make sure cookies are saved in your browser. 

The Forum post is edited by ross Sep 29 '14
allyn
allyn Oct 7 '14
With more observation I can say that I only see this behavior with Chrome on Android.  Chrome is the most popular browser on Android and the only one I've tested.

Cookies for every other site I visit work fine (like Facebook).  I can even log in to my site, reboot my phone or tablet, and when it boots back up I am still logged in, which would seem to prove that cookies are in use, at least for a short time.

The problem is just that after some small number of hours of non-use when I try to go back to the site I get thrown back to the login screen (I have guest viewing set to no).

Frustrating.  And difficult to debug.
The Forum post is edited by allyn Oct 7 '14
Emil
Emil Nov 17 '15
Quote from ross It's a cron job, that logs out all inactive user after 30 minutes of inactivity. 


the function is in ow_system_plugins/base/bol/user_service.php


 public function deleteExpiredOnlineUsers()    {        $timestamp = time() - 30 * 60; //30 minutes
        $this->userOnlineDao->deleteExpired($timestamp);

Hi Ross, can you please tell me what from this code do I have to change to logout users after 1 hour not 30 minutes? Thank you.
ross Team
ross Nov 17 '15
just replace 30 with 60
Emil
Emil Nov 17 '15
Thank you! :D
The Forum post is edited by Emil Nov 17 '15
Tassos H
Tassos H Sep 15 '16
Same here. I'm on the latest version of the oxwall script (1.8.4) and I'm facing the same issue.
A logged in user that doesn't log out, the next day is asked to re-enter username and password.

Asking credentials to login and show a user online/offline are two different things.
The second thing is the cron job you mention above. After a time interval you show users as off-line.

Now, if I want a user never to be asked again to re-enter username and password (as allyn said like fb does), what changes should I do? How do you keep logged in a returning user? Is it an entry in db that checks login time or just cookies?

Of course "remember me" is checked and this happen with Firefox, Chrome, on windows phone, on iphone, on different devices and laptops etc. So, it's not a browser configuration.


Regards
Saqib Karim
Saqib Karim Dec 26 '16
Has there been any resolution to this? As Tassos mentions above, online/offline and requiring to enter credentials are two different issues. It is OK to show a user as offline after 30 minutes but they should not be required to login again if they have not have logged out from a specific device. Or maybe, they should be required to login after a week or so.
Julien
Julien Dec 30 '16
I have the same issue. I have to login over and over again, which is very annoying when remember me is checked, and the cooke is set to expire in a very long time. This bug is now 3 years old!


P.s. it is not the delete online method from the cron job. Looking into the code it does this:

    public function deleteExpired( $timestamp )
    {
        $query = "DELETE FROM `{$this->getTableName()}` WHERE `activityStamp` < ?";

        $this->dbo->query($query, array($timestamp));
    }

Which only removes some records from the database. It does not log you out.
The Forum post is edited by Julien Dec 30 '16
Julien
Julien Dec 30 '16
BTW, I am doing some testing and I suspect the logincookie itself is the problem. In the code:

    /**
     * Creates and saves login cookie.
     *
     * @param integer $userId
     * @return BOL_LoginCookie
     */
    public function saveLoginCookie( $userId )
    {
        $loginCookie = $this->loginCookieDao->findByUserId($userId);

        if ( $loginCookie === null )
        {
            $loginCookie = new BOL_LoginCookie();
        }

        $loginCookie->setUserId($userId);
        $loginCookie->setCookie(hash_hmac('md5', time(), $userId));

        $this->loginCookieDao->save($loginCookie);

        return $loginCookie;
    }

It stores the userID as an md5 hashed value, that expires when browser is closed. Then when it checks it, it looks into loginCookieDao code. Which in turn, finds it from the database. So I think the cleanup actually logs you out, because your cookie cannot be found anymore.


Julien
Julien Dec 30 '16
I did some more digging, and I suspect that the FACEBOOK connect plugin does not store any login cookies. I could not find any place in the code, where after FB login, the actual cookie is saved somewhere. Maybe someone here on the forum knows?
Cesar Leiva
Cesar Leiva Dec 5 '17

I have the same problem every 1 hour asks me to initiate secion and that is quite annoying for the user


there is some solution and they are going 4 years with the same problem

domain ssdss
domain ssdss Dec 16 '21
pandora charms
hogan shoes sale
Love Kills Slowly
Denmark Adidas NMD Boost
Balenciaga Sneakers
Christian Louboutin Heels
Factory Outlet Nike Air Jordan
Cheap NFL Jerseys From China
Discount Pandora Disney
Golden Goose Hi Star
Authentic Adidas Discount Outlet
Jimmy Choo Slingbacks
Nike Air Jordan USA
Asics Gel Nimbus
mercurial superfly
Asics Shoes
Men's Ralph Lauren Hoodies New Arrival
Best Adidas NMD Boost Online
Converse All Star
Oakley Glasses Outlet
pandora rings
Fjallraven Festival Season
Adidas X 18 Soccer
Pandora Collections
Adidas Basketball Shoes
Adidas Nemeziz Store Online
Nike Air Max Wholesale Online USA
Cheap Nike Shoes
Salomon Boots
Adidas NMD
Oakley Eyewear
Ed Hardy Love Kill Slowly
pandora online
Buy Online Nike AJ Shoes
Snapback Hats Wholesale
Salomon Speedcross Fashion Designs
Ecco Sneakers
Bape Hoodies
Golden Goose Superstar
Polo Ralph Lauren Shop Free
Clearance Ed Hardy Prices
Buy Snapbacks Caps
Salomon Speedcross Shoes
cheap prices Ed Hardy UK
Jimmy Choo Slingbacks
Longchamp Le Pliage
Home Nike Air Jordan Low UK
Christian Louboutin Mary Jane Pumps
Off White Hoodies Top Designer
hogan outlet
Online Nike Air Max 720
Polo Ralph Laurens for women
adidas outlet
Birkenstock Online Store
ECCO Collection
Pandora Charms Pink Women
Salvatore Ferragamo
Polo Ralph Lauren Plus Size
Best Adidas Boost
Adidas Predator Nemeziz
Pandora Outlet Online
Christian Louboutin Red Soles
Adidas Yeezy Boost For Men
Polo Ralph Lauren worldwide shipping
Best Women's Hogan Shoes Online
Adidas Soccer Jerseys US New York
Salvatore Ferragamo
Pandora Necklaces 2021
Longchamp Le Pliage
Golden Goose Size
Jimmy Choo Shoes
Cheap Nike Shoes
Sale Nike Kyrie Worldwide
Outlet Nike Air Jordan 1 USA
Converse All Star
Ralph Lauren Outlet Online USA
Pandora Jewelry
ralph lauren polo shirts
adidas nmd boost
Pink Adidas Superstar
Jimmy Choo Sandals
Pandora Outlet
Fjallraven Kanken Backpacks
Soccer Shoes Outlet
polo ralph lauren outlet
Nike Air Max White Black
Ralph Lauren Polo Buy Online
Nike Kyrie Shoes US Save Off
air jordan retro
Wholesale online Salomon Running Shoes