ATutor

Learning Management Tools


  1. Home



Pages:1 2 3 4 5 6 7 8 9 10 11 12 13 14 15


Continuous logout



  • 2011-11-05 16:29:54

    Continuous logout

    My details are:
    Statistics & Information

    Database:
    5.85 MB
    Disk Usage:
    0.09 MB
    Courses:
    6
    Users:
    33
    ATutor Version:
    2.0.3(r11495 - 2011-09-13 13:27:29). Check Latest Version.
    PHP Version:
    5.3.3-7+squeeze3
    MySQL Version:
    5.1.49-3
    OS:
    Linux 2.6.32-5-686

    My problem:

    Whenever I login with a given user, does not matter whether instructor, administrator or student, after the first menu, I select... any class or menu tab, I am forced logout and need to log in again.
    This behavior occurs with Firefox, Chromium, and Safari browsers, tested on Windows and Linux platforms.

    Any light, please?
    :) :)


  • 2011-11-06 07:54:13

    Re: Continuous logout

    Try emptying the browser's cache.


  • 2011-11-06 07:55:39

    Re: Continuous logout

    Dump your browsers cookies.


    Be sure cookies and Javascript are turned .


  • 2011-11-06 11:11:43

    Re: Continuous logout

    Hi Greg.
    Thanks for the tip. Unfortunately, none of those worked, I am still forced logout every time; it looks like the session expires in ten seconds instead of ten hours.
    Also tried to change the values at vitals.inc for experimenting. The lines 64 and 65, I tried with:

    $_SESSION['OBSOLETE'] = false;
    and
    $_SESSION['EXPIRES'] = time() + 10000000;

    None of those changes reported any good.

    Rgds,
    Henry. :(


  • 2011-11-06 13:39:57

    Re: Continuous logout

    Can you send your ATutor URL and a test login to my email: cli at ocad dot ca. Wanna try it out myself.


  • 2011-11-06 13:46:38

    Re: Continuous logout

    Sure Cindy.
    URL: campus.sidar.org
    user: usuario1
    pwd: usuario1

    Rgds.


  • 2011-11-07 09:23:05

    Re: Continuous logout

    Hi Henry, I tried with the provided site and login with

    1. firefox, chrome and safari on Mac
    2. firefox and IE on windows

    I've been clicking around and haven't been kicked out, which prompts that the issue you encountered is likely caused by the old cookie data. The solution is exactly as what Greg has suggested:

    1. Clean up the browser cookies, especially the ones that are associated with your site "campus.sidar.org";
    2. Re-start the browser.


  • 2011-11-07 10:53:27

    Re: Continuous logout

    Cindy.
    Just tried few minutes ago. I cleared all cookies on my Firefox and did enter again.
    It was discouraging to find that it worked, apparently, as long as I keep moving continuously (navigating tabs, lessons, etc) but when I stop for say... 40 seconds and restarted navigation, I was bumped out. :(


  • 2011-11-07 13:00:40

    Re: Continuous logout

    Hi Henry,

    I cannot re-produce the exactly same issue with my firefox. Tried with leaving the session unattendeded for over ten minutes and the re-visit still works fine. I did get bumped out after leaving the session idle for around an hour.

    If any script that you've modified, revert them back.

    Pay special attention to include/vitals.inc.php, in particular that line 159 stays intact, which controls the session lifetime:

    @ini_set('session.gc_maxlifetime', '36000'); /* 10 hours */


  • 2011-11-07 13:40:29

    Re: Continuous logout

    Ok.
    Thanks a lot anyway for the help. I will post my findings (if any) when I solve the issue. It is weir to notice that the same issue occurs to three different instructors in three different cities 4000+ Km apart.

    Regards.


  • 2011-11-07 13:56:18

    Re: Continuous logout

    To experiment, try commenting out line 181 - 185 @ include/vitals.inc.php. In case of the line offset, the chunk of code is,

    if (count($_SESSION) == 0) {
    regenerate_session();
    } else {
    $valid_session = check_session();
    }

    Note that please backup vitals.inc.php before making any change.


  • 2011-11-07 14:37:04

    Re: Continuous logout

    Thanks Cyndi.
    That definitely did the trick (as far as I was able to test) but that removes completely the CSRF protection, right? (I am not a php master, I'm guessing).


  • 2011-11-07 14:49:25

    Re: Continuous logout

    Somewhat yes. It certainly reduces the CSRF protection level.

    However, it's nice that we realized this implementation does not make some browsers (probably) happy. Thanks for the report, Henry.

    I will file it in the bug tracker. Hopefully could get it fixed soon.


  • 2011-11-07 14:58:05

    Re: Continuous logout

    Hi Henry, just for my curiosity, do you have pretty URL turned on?


  • 2011-11-07 15:00:28

    Re: Continuous logout

    Henry, ignore my previous question. I've found the answer myself, no, you don't have pretty URL turned on.