Hi, We have an issue where one admin accounts get auto logged out when the page is idle for 15 seconds or so.
For example, I try to create a lead, in the time it takes to complete the fields, you click submit and the page says âYou have been logged out because your session has expired.â
We have two admin accounts on our SuiteCRM and it seems that one does it more often than the other but it is a constant problem for both. Does anyone know how I can fix this?
I have checked the config.php and the details you mentioned are as follows:
'db_host_name' => 'localhost',
âsite_urlâ => THIS IS SHOWING THE CORRECT URL BUT I HAVE NOT POSTED FOR CONFIDENTIAL PURPOSES
âI am not sure if this is related to that option you changed, but I am guessing it mightâŚâ
Do you mean the option I changed may have fixed this in the config.php?
After further testing, i do not get logged out after changing this setting:
Admin>System Settings>Advanced>Validate user IP address: TURN OFF
Hey, it has been a long time but lemme still explain the Risks it can impose:
Session hijacking is now possible since CRM doesnât validate the IP anymore,If your session cookies get stolen due to compromised network anyone in the World Wide Web can use them to authenticate, even if u Logout. A few weeks ago i made some trials about this to âpentestâ the security and with this option ON even if i stole the session cookies it would log me out and clear it because i âsuddenlyâ changed my location from Africa to China for example.
My recomendation would be to check the php settings on timeout but leave this feature on