Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
WebCMS Posted November 16, 2023 Posted November 16, 2023 It is annoying while actively using the ACP, the session gets logged out frequently on IC cloud. Even while using it continuously without a gap of more than a couple of seconds, it logs out on page submission which is strange. It is not sensing the active session and doing its own thing.
Jim M Posted November 16, 2023 Posted November 16, 2023 Sounds like your IP address may be changing. Are you swapping between networks, VPNs, proxies, or on any type of network that changes IP address frequently? Can tell you that, a lot of our team are constantly in our ACP and only get logged out when we go beyond the PHP session timeout.
WebCMS Posted November 16, 2023 Author Posted November 16, 2023 I've just checked in the IP Address Tool and it shows multiple IP addresses used today which makes sense. I have a 1 GBPS connection and not sure why. This is only happening for the last one week. Need to call my ISP. Also, after re-login, ACP reverts to Light theme.
Jim M Posted November 16, 2023 Posted November 16, 2023 2 minutes ago, WebCMS said: Also, after re-login, ACP reverts to Light theme. Would check to ensure your browser is accepting cookies and local storage. Sounds like another possibility.
My Sharona Posted November 16, 2023 Posted November 16, 2023 Overview > Settings > Two Factor Authentication > Do Not Ask Again For
WebCMS Posted November 16, 2023 Author Posted November 16, 2023 (edited) 1 hour ago, My Sharona said: Overview > Settings > Two Factor Authentication > Do Not Ask Again For Do not again for - is set to: "[X] for the rest of the session" I remember I changed some settings here recently but not sure which one. Edited November 16, 2023 by WebCMS My Sharona 1
My Sharona Posted November 16, 2023 Posted November 16, 2023 12 hours ago, WebCMS said: Do not again for - is set to: "[X] for the rest of the session" I remember I changed some settings here recently but not sure which one. Just for faeces and giggles, try setting it for 2 hours. WebCMS 1
Marc Posted November 17, 2023 Posted November 17, 2023 12 hours ago, WebCMS said: Do not again for - is set to: "[X] for the rest of the session" I remember I changed some settings here recently but not sure which one. What you are having isuses with there is not related in any way to this setting. As mentioned above, if your IP is changing constantly, its very likely this that is causing your logout issues My Sharona 1
WebCMS Posted November 21, 2023 Author Posted November 21, 2023 (edited) On 11/17/2023 at 4:17 AM, Marc Stridgen said: What you are having isuses with there is not related in any way to this setting. As mentioned above, if your IP is changing constantly, its very likely this that is causing your logout issues I see the exact same admin ID logged into the frontend is having no issues and logged in for weeks without getting kicked out. But the ACP login with the same ID is getting kicked out frequently. Earlier, ACP login used to get kicked out like once in 15-30 minutes (only when idling) but never while using it actively. But now, it is happening more frequently even while using it actively. Is ACP auth logic different from front-end auth? Is it possible to make ACP auth persistent similar to frontend auth? Edited November 21, 2023 by WebCMS
Marc Posted November 21, 2023 Posted November 21, 2023 The admin CP and front end login are different in nature, in terms of timeout. The front end can indeed be logged in for weeks. The admin CP cannot. It will log you out if inactive. However if its logging you out during use, that can only be because the session data is changing on your browser end (usually the IP). It is not possible to make both the same WebCMS 1
WebCMS Posted November 22, 2023 Author Posted November 22, 2023 (edited) I've seen online this issue of changing IP Address with Xfinity reported by many users and there is no way around it other than getting a static IP Address. With my connection, I'm seeing the provider is switching between 3-6 IP Addresses per day and frequently switching between them all through the day/night very frequently. There is no point in even discussing this issue with the provider. Will it be feasible to provide an option in the ACP to make the session persistent (Default: OFF) like the front-end session regardless of the IP Address for such situations where the Admin would knowingly turn it on so he could continue working without disruptions and getting kicked out in the middle of his work and losing changes repeatedly with a very, very bad UX, frustration and waste of time? Some options - The Admin can set a timeout value to keep the session persistent (Eg: 2 hours) after which the session would revert to default behavior. The Admin can turn it off after he is done working The option may be turned off (Default) programmatically after some idle timeout (Eg: 1 hour) The option may be turned off (Default) programmatically when he signs out New sessions will start out with the option turned OFF as Default for max security. The behavior will remain the same (OFF) until the Admin decides to turn it On knowingly and uses it actively. The above hybrid suggestion is to just relax it a little bit so the ACP becomes usable without getting kicked out repeatedly and losing work. If the Admin is working actively, it may be ok to keep the session on. If not active, idle timeout would kick in and end the session, anyway. Edited November 22, 2023 by WebCMS
Marc Posted November 22, 2023 Posted November 22, 2023 If the IP is causing you an issue, and this isn't something you can change your end for some reason, then yes we can bypass that check for your site, if you would like us to do so? Note, that while I completely understand the comments on bad UX there, this is a security function, and security would always come above user experience.
WebCMS Posted November 22, 2023 Author Posted November 22, 2023 Yes, please bypass the check for my site. I'll turn on 2FA. I'm the only one using ACP on my site.
Solution Marc Posted November 22, 2023 Solution Posted November 22, 2023 This has now been done WebCMS 1
Recommended Posts