Disconnection too fast

[wazari972]

when I am logged in Selfoss, the session doesn't last very long when I don't use it. I get logged out, but 1/ the interface is not refreshed so update, mark as read, etc fail, and 2/ I need to relog in to use selfoss normally.

Sounds like selfoss doesn't use cookies, is it on purpose? would you want to implement it?

[niol]

selfoss uses cookies and the session should last 30 days. It works well for me. If it does not work for you, there is something wrong with your setup. We need more info to investigate. Do you know how to check if the cookie is in place? You should see a PHPSESSID cookie in your browser.

However, what you say about AJAX requests failing is interesting, and selfoss could redirect to the auth page if an action is denied. This is another issue.

[wazari972]

selfoss uses cookies

yes, I saw that in the code right after reporting the issue ... ;-)

You should see a PHPSESSID cookie in your browser.

yes it's there, valid for 30 days, on path /.

FYI, sessions work well on the same setup with https://github.com/ldleman/Leed (they appear to use an additional cookie, named leedStaySignedIn)

On Fri, Sep 26, 2014 at 12:58 PM, niol notifications@github.com wrote:

selfoss uses cookies and the session should last 30 days. It works well for me. If it does not work for you, there is something wrong with your setup. We need more info to investigate. Do you know how to check if the cookie is in place? You should see a PHPSESSID cookie in your browser.

However, what you say about AJAX requests failing is interesting, and selfoss could redirect to the auth page if an action is denied. This is another issue.

— Reply to this email directly or view it on GitHub https://github.com/SSilence/selfoss/issues/563#issuecomment-56947421.

[niol]

Well, if I cannot reproduce, I need more info. When you get logged out, is your PHPSESSID still there? Do you always access selfoss with the same path or domain?

[wazari972]

Well, if I cannot reproduce, I need more info

I'll give you everything you need !

When you get logged out, is your PHPSESSID still there?

yes it is, same value, same expiration date

Do you always access selfoss with the same path or domain?

yep, subdomain.domain.info

On Fri, Sep 26, 2014 at 4:36 PM, niol notifications@github.com wrote:

Well, if I cannot reproduce, I need more info. When you get logged out, is your PHPSESSID still there? Do you always access selfoss with the same path or domain?

— Reply to this email directly or view it on GitHub https://github.com/SSilence/selfoss/issues/563#issuecomment-56969769.

[KriPet]

I seem to remember having the same problem. I think I fixed it by changing some session variables in php.ini. Not sure though.

[niol]

selfoss uses standard PHP sessions, which is not the case for Leed which uses its own implementation.

[wazari972]

it seems that PHP default session life time is 24min:

$ grep gc_maxlifetime /etc/php5/apache2/php.ini

session.gc_maxlifetime = 1440 ; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):

could you check what value you have ?

it seems that I could override it in Selfoss .htaccess http://stackoverflow.com/a/6253756/341106 file, but I don't know if this is a good practice

Thanks,

Kevin

On Sun, Sep 28, 2014 at 5:50 PM, niol notifications@github.com wrote:

selfoss uses standard PHP sessions, which is not the case for Leed which uses its own implementation.

— Reply to this email directly or view it on GitHub https://github.com/SSilence/selfoss/issues/563#issuecomment-57089566.

[KriPet]

Yeah, I changed that to 86400, and I'm pretty sure that fixed my problem. I changed the php.ini, not the .htaccess, so your mileage may vary.

[niol]

I have session.gc_maxlifetime set to 1209600 (14 days).

You can set it anywhere you like (php.ini, .htaccess). Putting this in the standard selfoss .htaccess (maybe commented) or as a ini_set('session.gc_maxlifetime', <value>) in the PHP source may help other users not to run into this issue.

[wazari972]

it seems not to work as expected, I put

php_value session.gc_maxlifetime 1209600 in selfloss .htaccess, but I'm still disconnected regularly ...

On Tue, Sep 30, 2014 at 4:30 PM, niol notifications@github.com wrote:

I have session.gc_maxlifetime set to 1209600 (14 days).

You can set it anywhere you like (php.ini, .htaccess). Putting this in the standard selfoss .htaccess (maybe commented) or as a ini_set('session.gc_maxlifetime',

) in the PHP source may help other users not to run into this issue. — Reply to this email directly or view it on GitHub https://github.com/SSilence/selfoss/issues/563#issuecomment-57322495.

[niol]

Are you sure the value is taken into account? If you put a simple php script displaying the variable value, does it work?

<?php
echo ini_get('session.gc_maxlifetime');
?>

[wazari972]

yes it is, I double checked, default value is 1440 as set in my php.ini and now it's 1209600 ... but the session doesn't last that long ...

On Mon, Oct 6, 2014 at 5:14 PM, niol notifications@github.com wrote:

Are you sure the value is taken into account? If you put a simple php script displaying the variable value, does it work?

<?php echo ini_get('session.gc_maxlifetime'); ?>

— Reply to this email directly or view it on GitHub https://github.com/SSilence/selfoss/issues/563#issuecomment-58032320.

[niol]

I do not know where to look. I added some debug info in #578 , maybe this will help us solve this?