[Note: Our small web design company ālies and diesā on our CRM to keep tabs on clients and their projects. I posted this on the Sugar forum several years ago and kept a copy on my Mac. Iām spending the day cleaning out out document files and came across this. I thought I would post it here as maybe it might help someone. I mention .htaccess, but you could use php.ini or .user.ini files, with different but similar syntax for the commands.]
You might want to reference this thread where several people have noted that they have been thrown back to the login screen
http://www.sugarcrm.com/forums/showthread.php?t=10649&highlight=timeout
I had a .htaccess file in the directory where Sugar was placed that re-set the maxlifetime to 14400 (seconds) which is 4 hours. The default in php.ini on my server is 1440 seconds or 24 minutes. I could not figure out why I was not getting 4 hour āup timeā with Sugar but was being terminated back to the login screen every half hour or soā¦ sometimes a longer, sometimes shorter.
I did a bit of research on this and came upon this link that explains the issue some of us are having:
http://blog.centresource.com/2006/05/23/php-session-lifetime-an-adventure/
It seems that PHP usually defaults in the php.ini to store all session data in /tmp. There is a quirk in PHP such that if you create a session with a longer timeout, say 4 hours (which will occur because of the .htaccess entry) in /tmp and if someone else on the server has a session that is the default (say 24 minutes) the last one entered in the directory is what is used by the PHP garbage collector.
Thus you log on to Sugar and your session is supposed to last 4 hours. But someone else on the server logs on to some other application which does not have a .htaccess file and thus defaults to the php.ini value (say 24 mins). Their session comes into the /tmp directory after yours and PHP āforgetsā about the timeout on your session and uses the newest one.
If you donāt understand this donāt worry.
To fix the problem you need to first create a writeable directory on your web sever that PHP can talk to. This can be in your āhomeā area. Ask your ISP tech support if you donāt know where to put itā¦ or let them do it.
Next you need to enter two things in your .htaccess file which must be in the folder that has the index.php file for SugarCRM. It should have:
php_value session.gc_maxlifetime 14400
php_value session.save_path ā/xxx/yyy/zzz/sugartempā
I created a directory called āsugartempā on my server and entered the full path to it on the session.save_path entry. I also set the maxlifetime to 4 hours. (makes no difference what order these are in.)
Since Iām the only person putting session files in āsugartempā it never gets clobbered by someone elseās session from some other PHP application.
The only thing that you should do once in a while is go into āsugartempā and delete the old session filesā¦ or write a script to do it via cron.
Hope this helps.