Jump to content

Logout issues while using ACP


Go to solution Solved by Marc,

Recommended Posts

Posted

It is annoying while actively using the ACP, the session gets logged out frequently on IC cloud.

Even while using it continuously without a gap of more than a couple of seconds, it logs out on page submission which is strange.

It is not sensing the active session and doing its own thing.

Posted

Sounds like your IP address may be changing. Are you swapping between networks, VPNs, proxies, or on any type of network that changes IP address frequently? Can tell you that, a lot of our team are constantly in our ACP and only get logged out when we go beyond the PHP session timeout. 

Posted

I've just checked in the IP Address Tool and it shows multiple IP addresses used today which makes sense. I have a 1 GBPS connection and not sure why. This is only happening for the last one week. Need to call my ISP.

Also, after re-login, ACP reverts to Light theme.

Posted
2 minutes ago, WebCMS said:

Also, after re-login, ACP reverts to Light theme.

Would check to ensure your browser is accepting cookies and local storage. Sounds like another possibility. 

Posted (edited)
1 hour ago, My Sharona said:

Overview > Settings > Two Factor Authentication > Do Not Ask Again For

Do not again for - is set to:

"[X] for the rest of the session"

I remember I changed some settings here recently but not sure which one.

Could contain: Page, Text, File

Edited by WebCMS
Posted
12 hours ago, WebCMS said:

Do not again for - is set to:

"[X] for the rest of the session"

I remember I changed some settings here recently but not sure which one.

Could contain: Page, Text, File

What you are having isuses with there is not related in any way to this setting. As mentioned above, if your IP is changing constantly, its very likely this that is causing your logout issues

Posted (edited)
On 11/17/2023 at 4:17 AM, Marc Stridgen said:

What you are having isuses with there is not related in any way to this setting. As mentioned above, if your IP is changing constantly, its very likely this that is causing your logout issues

I see the exact same admin ID logged into the frontend is having no issues and logged in for weeks without getting kicked out. But the ACP login with the same ID is getting kicked out frequently.

Earlier, ACP login used to get kicked out like once in 15-30 minutes (only when idling) but never while using it actively. But now, it is happening more frequently even while using it actively.

Is ACP auth logic different from front-end auth? Is it possible to make ACP auth persistent similar to frontend auth?

Edited by WebCMS
Posted

The admin CP and front end login are different in nature, in terms of timeout. The front end can indeed be logged in for weeks. The admin CP cannot.  It will log you out if inactive. However if its logging you out during use, that can only be because the session data is changing on your browser end (usually the IP).

It is not possible to make both the same

Posted (edited)

I've seen online this issue of changing IP Address with Xfinity reported by many users and there is no way around it other than getting a static IP Address. With my connection, I'm seeing the provider is switching between 3-6 IP Addresses per day and frequently switching between them all through the day/night very frequently. There is no point in even discussing this issue with the provider.

Will it be feasible to provide an option in the ACP to make the session persistent (Default: OFF) like the front-end session regardless of the IP Address for such situations where the Admin would knowingly turn it on so he could continue working without disruptions and getting kicked out in the middle of his work and losing changes repeatedly with a very, very bad UX, frustration and waste of time?

Some options -

  • The Admin can set a timeout value to keep the session persistent (Eg: 2 hours) after which the session would revert to default behavior.
  • The Admin can turn it off after he is done working
  • The option may be turned off (Default) programmatically after some idle timeout (Eg: 1 hour)
  • The option may be turned off (Default) programmatically when he signs out
  • New sessions will start out with the option turned OFF as Default for max security.

The behavior will remain the same (OFF) until the Admin decides to turn it On knowingly and uses it actively. The above hybrid suggestion is to just relax it a little bit so the ACP becomes usable without getting kicked out repeatedly and losing work.

If the Admin is working actively, it may be ok to keep the session on. If not active, idle timeout would kick in and end the session, anyway.

Edited by WebCMS
Posted

If the IP is causing you an issue, and this isn't something you can change your end for some reason, then yes we can bypass that check for your site, if you would like us to do so? 

Note, that while I completely understand the comments on bad UX there, this is a security function, and security would always come above user experience. 

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...