Radomly being thrown/logged-out of Bolt

bolt / core

🧿 Bolt 5 core

https://boltcms.io

MIT License

544 stars 158 forks source link

Radomly being thrown/logged-out of Bolt #3164

Open Sander-Hub opened 2 years ago

Sander-Hub commented 2 years ago

Several times a day, after being logged in to Bolt after about 30 minutes I (and other users of Bolt) expierence a sudden logout / ergo 'thrown' out of Bolt. Sometimes this occurs at least twice within half an hour. Even when the 'remember me' checkbox is marked.

When submitting content while this happens, it means los of content. Sometimes this sudden logout occurs when clicking on a save button.

I work on Windows and develop on the WSL2 (Ubuntu 20.04 TLS) and my daily browser is Firefox.

This sudden logout occurs on both development as production enviroments.

I can confirm this is occuring with other users as well. Hence the reason I figured to create an issue of this. Perhaps other Bolt devs/users may have expierenced this?

Details

Question	Answer
Relevant Bolt Version	5.1.7
Install type	Composer install
PHP version	7.3
Web server	Symfony

brysont commented 2 years ago

I can second this. Bolt 5.1.7, PHP 7.4, Vultr hosting. Opera browser (latest) and Windows 10.

Randomly logs users out as soon as just 17 minutes after logging in. As Sander-Hub mentioned, includes being logged out when saving an entry. "Remember Me" option checked. framework.yaml sets the session duration at 14 days with the PHP handler by default, though the remember me function says 30 days. Changed the default session to 30 days (fits my needs) and the handler to Symfony (per Symfony's session docs - 'session.handler.native_file'). Unclear if the handler change fixes it yet as the change was just made. Will follow-up.

Edit: Still doing it after my changes to session management.

Sander-Hub commented 2 years ago

With the latest update Bolt 5.1.9 it looks like this issue might be solved. I will keep an extra eye on this. But so far so good, I have not expierenced any sudden logout. Although I might me commenting to soon.

bobdenotter commented 2 years ago

I've not been able to reliably produce this yet, but one of my colleagues had this issue too, intermittently.

Changing the session section in config/packages/framework.yaml to the following helped a lot for them:

    session:
        # With this config, PHP's native session handling is used
        cookie_lifetime: 1209600 #expires in 14 days
        storage_factory_id: session.storage.factory.native
        handler_id: 'session.handler.native_file'
        save_path: '%kernel.project_dir%/var/sessions/%kernel.environment%'

doenietzomoeilijk commented 1 year ago

I encounter the same issue. This might be related to (and should be solved by) #3422 — at least, if you check the box while logging in.

The underlying OS and setup of PHP might also play a role in how / how long session files are kept for, which might explain why @bobdenotter can't reproduce it reliably.