Are you being logged out too soon? This may help

[Note: Our small web design company ‘lies and dies’ on our CRM to keep tabs on clients and their projects. I posted this on the Sugar forum several years ago and kept a copy on my Mac. I’m spending the day cleaning out out document files and came across this. I thought I would post it here as maybe it might help someone. I mention .htaccess, but you could use php.ini or .user.ini files, with different but similar syntax for the commands.]

You might want to reference this thread where several people have noted that they have been thrown back to the login screen

http://www.sugarcrm.com/forums/showthread.php?t=10649&highlight=timeout

I had a .htaccess file in the directory where Sugar was placed that re-set the maxlifetime to 14400 (seconds) which is 4 hours. The default in php.ini on my server is 1440 seconds or 24 minutes. I could not figure out why I was not getting 4 hour “up time” with Sugar but was being terminated back to the login screen every half hour or so… sometimes a longer, sometimes shorter.

I did a bit of research on this and came upon this link that explains the issue some of us are having:
http://blog.centresource.com/2006/05/23/php-session-lifetime-an-adventure/

It seems that PHP usually defaults in the php.ini to store all session data in /tmp. There is a quirk in PHP such that if you create a session with a longer timeout, say 4 hours (which will occur because of the .htaccess entry) in /tmp and if someone else on the server has a session that is the default (say 24 minutes) the last one entered in the directory is what is used by the PHP garbage collector.

Thus you log on to Sugar and your session is supposed to last 4 hours. But someone else on the server logs on to some other application which does not have a .htaccess file and thus defaults to the php.ini value (say 24 mins). Their session comes into the /tmp directory after yours and PHP ‘forgets’ about the timeout on your session and uses the newest one.

If you don’t understand this don’t worry.

To fix the problem you need to first create a writeable directory on your web sever that PHP can talk to. This can be in your ‘home’ area. Ask your ISP tech support if you don’t know where to put it… or let them do it.

Next you need to enter two things in your .htaccess file which must be in the folder that has the index.php file for SugarCRM. It should have:

php_value session.gc_maxlifetime 14400
php_value session.save_path ‘/xxx/yyy/zzz/sugartemp’

I created a directory called ‘sugartemp’ on my server and entered the full path to it on the session.save_path entry. I also set the maxlifetime to 4 hours. (makes no difference what order these are in.)

Since I’m the only person putting session files in ‘sugartemp’ it never gets clobbered by someone else’s session from some other PHP application.

The only thing that you should do once in a while is go into ‘sugartemp’ and delete the old session files… or write a script to do it via cron.

Hope this helps.

Thanks for this informative post dev77!