Jump to content

Login on desktop and phone several times during the day


Adriano Faria

Recommended Posts

  • Replies 66
  • Created
  • Last Reply
  • 3 months later...

I am having this issue on my dev site. I'm not sure if it's been going on for a while now and I just didn't really notice because I wasn't switching between devices, but now that I am looking for it, it is unmistakable.

The cycle goes like this:

* Log in to site on computer browser

* Close browser

* Load site on phone and log in

* Force close browser on phone

* Open computer browser again

* I am now logged out in the computer browser

* If I now open a browser in my phone again, I will be logged out of that once again too

Basically logging in on any one device seems to invalidate the cookie on any other browser. And yes, I am clicking "Remember Me" and yes I still have the cookies on all my devices saved.

I was hoping to actually do the site migration and go live this weekend but this is just unacceptable.

Link to comment
Share on other sites

4 hours ago, Linguica said:

I am having this issue on my dev site. I'm not sure if it's been going on for a while now and I just didn't really notice because I wasn't switching between devices, but now that I am looking for it, it is unmistakable.

The cycle goes like this:

* Log in to site on computer browser

* Close browser

* Load site on phone and log in

* Force close browser on phone

* Open computer browser again

* I am now logged out in the computer browser

* If I now open a browser in my phone again, I will be logged out of that once again too

Basically logging in on any one device seems to invalidate the cookie on any other browser. And yes, I am clicking "Remember Me" and yes I still have the cookies on all my devices saved.

I was hoping to actually do the site migration and go live this weekend but this is just unacceptable.

In theory, that shouldn't happen (the code shouldn't log out very frequently, though it does intentionally automatically log you out sometimes), but this plugin fixes all issues related to being automatically logged out for me

 

Link to comment
Share on other sites

3 hours ago, Colonel_mortis said:

In theory, that shouldn't happen (the code shouldn't log out very frequently, though it does intentionally automatically log you out sometimes), but this plugin fixes all issues related to being automatically logged out for me

Thank you, this seems, at least at first glance, to fix the problem with constant logouts. But, and please don't take this the wrong way, I don't like the idea of relying on an unsupported third-party patch to make very basic functionality of my software work properly. I would feel better about it if I knew what exactly *caused* the issue and why IPB hasn't fixed it by default yet.

It looks like all your plugin does is remove this check from \IPS\Member::checkLoginKey():

if ( !$this->member_login_key or $keyExpiry->diff( \IPS\DateTime::create() )->days > 90 )
|
|
v
if ( !$this->member_login_key )

Which suggests there's something wrong with the date-checking class, or possibly on my server. I'll have to investigate further.

Link to comment
Share on other sites

1 minute ago, Linguica said:

Thank you, this seems, at least at first glance, to fix the problem with constant logouts. But, and please don't take this the wrong way, I don't like the idea of relying on an unsupported third-party patch to make very basic functionality of my software work properly. I would feel better about it if I knew what exactly *caused* the issue and why IPB hasn't fixed it by default yet.

It looks like all your plugin does is remove this check from \IPS\Member::checkLoginKey():


if ( !$this->member_login_key or $keyExpiry->diff( \IPS\DateTime::create() )->days > 90 )
|
|
v
if ( !$this->member_login_key )

Which suggests there's something wrong with the date-checking class, or possibly on my server. I'll have to investigate further.

Yeah, that is all that plugin does. Unfortunately, IPS have made it clear that they are happy with it working as it does currently

It continually logging out isn't quite what they intend, I hope though, so you might have more luck if you're able to track down the issue and report it.

Link to comment
Share on other sites

This is just me spitballing, but I just realized that people were complaining about this issue in the leadup to the change from daylight savings time to standard time, and now I'm experiencing it just before the change back from standard time to daylight savings time. Considering the bug seems to have something to do with generating a date in the future, it seems something to investigate at least.

Link to comment
Share on other sites

OK, so I'm kind of confused by what the code in checkLoginKey() is *supposed* to do, as well as what it is actually doing.

The important check here is:

$keyExpiry = \IPS\DateTime::ts( $this->member_login_key_expire );
if ( !$this->member_login_key or $keyExpiry->diff( \IPS\DateTime::create() )->days > 90 )

Which, if I am reading it right, means that if the member login key stored in the database is more than 90 days in the future, it will change your login key and force you to log in again.

Now, first off, I guess I don't get the logic here - why should this value *ever* be greater? As time passes, the interval between the current time and the login key expiration time will only ever decrease, not increase. (edit: OK, so I guess DateInterval returns an object with a "days" member that's always an absolute value, and a separate "invert" member that says if it's positive or negative. So I guess this is supposed to only return true after 180 days, i.e., once that days values ticks down from 90 to 0 and then back up again to 90.)

Second, 90 days *IS NOT THE SAME AS THREE MONTHS*.

Here's a simple test script:

<?php

require_once 'init.php';
\IPS\Dispatcher\External::i();

$member = \IPS\Member::loggedin();

print "my member login key expiration is ";
print $member->member_login_key_expire;

print "<br>in DateTime terms that is ";
$keyExpiry = \IPS\DateTime::ts($member->member_login_key_expire);
print $keyExpiry;

$three_months_from_now = \IPS\DateTime::create()->add(new \DateInterval('P3M'))->getTimestamp();
print "<br><br>ips calculates three months from now to be ";
print $three_months_from_now;

print "<br>in DateTime terms that is ";
$keyExpiry = \IPS\DateTime::ts($three_months_from_now);
print $keyExpiry;

print "<br><br>ips calculated difference between now and 3 months from now to be ";
print $days = $keyExpiry->diff(\IPS\DateTime::create())->days;
print " days";

if ($days > 90) {
  print "<br><br>this is greater than 90 so you're gonna get logged out, sorry charlie";
}
?>

and the output I just got on my machine immediately after logging in:

Quote

my member login key expiration is 1497205819
in DateTime terms that is 06/11/17 11:30 AM

ips calculates three months from now to be 1497205825
in DateTime terms that is 06/11/17 11:30 AM

ips calculated difference between now and 3 months from now to be 92 days

this is greater than 90 so you're gonna get logged out, sorry charlie

"three months from now" is currently 92 days, not 90, because you have a 31st day in March and another in May. So once you log in, you IMMEDIATELY have a date interval greater than 90 days between your member_login_key_expire value and the current time. So if you log in and reset your member_login_key_expire, logging in again on any other device within the next 2 days will ALWAYS reset your member_login_key and log you out of everything else.

Link to comment
Share on other sites

  • 2 weeks later...
  • 3 months later...

Hate to bump an old topic but I've noticed this starting to happen again. Have the forum on the latest General release tried clearing cache, even rebooted server and it still keeps happening. @Matttagging since I know you were the one who merged the fixed code last time. I can raise a ticket if you'd like and provide ACP/FTP info.

Link to comment
Share on other sites

2 hours ago, Natea said:

I don't know if its the same issue @thetrials but in my case, i use firefox and i have random logouts with latest firefox update 54, but now firefox updated to 54.0.1 and this update fix me the random logouts to my forum.

Using Chrome on desktop, Chrome on Phone, and Safari in iPad. I've been able to reproduce using the combination of browsers.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...