Bug #51979
closedNotorious random backend logout (session problem) 6.1 and 6.2
0%
Description
Hi again,
i'v read a lot of topics here on forge or mailing lists about users beeing logout from backend. I have never before expirienced this problem till the last month.
I moved my project to productive account (it is on the same server as my dev account - shared hosting - so the environment was the same). The only difference was switch to official domain (and probably some core updates as i'm using latest git version there). Then my backend starts to freak. I couldn't do languages updeate as after 5-6 items were checked there was an error and i had to login again. After some operation like upload images, or copy/paste some content elements the same problem. Even when i left backend for a minute inactive (i was doing something in other app) i get logout. It was annoying as i was kicked of the backend during some operation, like i mentioned before: files upload, contend edit/save, languages update etc.
I had this problem wih 6.1.x but few days ago i have started next project using 6.2-dev and i the same started.
I doubt the issue is inet provider as i can confirm it happens on 3 different machines (my laptop + friends network, my pc + home network, pc at work + work network) with 3 different networks.
All configurations related to session, cookies were default.
Yesterday i have changed from 4 to 0 this one:
[BE][lockIP]= 0
and the problem with beeing logout seems to be gone (on T3 6.2). I have tested this a bit more on 6.1 and values > 1 for this parameter cause the logout problem. Setting it to 0 or 1 'resolves' my problem.
So now im curious if there is some problem in T3 Core because i can't figure out what can cause this issue on my/server side.
TYPO3 6.1 and 6.2
PHP 5.5
Server Apache + Varnish (is turned off for typo3/ directories)
Updated by Guido Jansen about 11 years ago
Do you use Internet Explorer?
If yes, what cookieDomain do you have in Installation -> All Configuration?
Updated by Marcin Sągol about 11 years ago
I didn' test it on IE. I can confirm this problem on Linux: Firefox, Chrome, Opera and Windows: Firefox, Chrome as i used them to test.
I tried to set cookieDomain but his didn't help. If i inspect be_user cookie set by T3 the domain is set to the one im using.
Updated by Alexander Opitz about 11 years ago
Does someone else uses the same login?
Have you tried to remove all cookies from the domain and login after that?
Updated by Marcin Sągol about 11 years ago
Alexander,
no there is only me using login atm. and there is no other BE users.
I have cleard all cookies etc. on Chrome but this didn't help.
I tested 6.1 again just few minutes ago - tried to do languages update. It started to fail and i was logout. So i switched [BE][lockIP]= 1 to [BE][lockIP]= 0 also on this version and the update finished without errors or logouts (tried 2 times in a row).
Updated by Ernesto Baschny about 11 years ago
- Status changed from New to Needs Feedback
The problem is probably hidden in your last sentence:
you are using varnish as a reverse proxy for "everything besides /typo3". This means that /typo3 is getting hit by a different IP address (your ISPs) than the rest of the site, which is getting hit by the of the varnish server. But your browser is sending the same Cookie for both connections (because it doesn't really know about varnish). So if you have "lockIP" set to something >1, and the whole IP changes between requests, the session will get instantly invalidated. This is a just a matter of accessing a TYPO3 backend module through typo3conf/ext/... etc. There might be multiple ways of getting into this situation.
So setting lockIP to "0" should be one solution. The other one would be to always go through varnish and configuring it to simply not cache certain requests.
See here for a very complete example:
Does that solve your problem?
Updated by Marcin Sągol about 11 years ago
Ernesto Baschny thank you for your response. I'll contact with server administrator and test this configuration for varnish. I will post here results in a few days.
Updated by Marcin Sągol almost 11 years ago
Hi,
finally i had time to test it. It seems that this configuration helped :-) Thank you very much.
I think this issue can be closed.
Updated by Alexander Opitz almost 11 years ago
- Status changed from Needs Feedback to Closed
Updated by BENCH Artwork almost 11 years ago
Have still this issue on TYPO3 6.1.7 with Safari. As soon as i open safaris web inspector it will logout from backend. [BE][lockIP]= 0 didn't solved the problem.
Updated by Johannes Hovda almost 11 years ago
Same here... Typo3 6.1.7, PHP 5.5, trying both Safari and Firefox, and have set [BE][lockIP]= 0.. After login, I get logged out again. Now, it is impossible to log back in, until the sessions expires..