Hi, We have an issue where one admin accounts get auto logged out when the page is idle for 15 seconds or so.
For example, I try to create a lead, in the time it takes to complete the fields, you click submit and the page says âYou have been logged out because your session has expired.â
We have two admin accounts on our SuiteCRM and it seems that one does it more often than the other but it is a constant problem for both. Does anyone know how I can fix this?
Many thanks for your help.
You can start by checking if your server disk is full.
Then go in SuiteCRM, Admin / Diagnostics / phpinfo, and find out your session.save_path directory.
Then check if that directory is either
Hi, Thanks for your message and sorry for delayed response.
If by server disk you mean web server, I am sure it is not full.
I tried going to your location detailed above but I am not sure what to do. Can you please provide a more indepth explanation?
Please see screenshots below of where I went into:
Unselect all those check boxes except the one saying Output from phpinfo.
Click the button to download the zip, unzip it, then open the resulting HTML file in a browser, and check what it says about session.save_path
Find that directory on your server and examine it.
Thanks for the prompt reply.
There are two columns showing file location - would this be the local value?
Local Value= sessions/
Master Value= /opt/alt/php72/var/lib/php/session
If it is the following sessions/ folder I have 4 files in there which i have downloaded⌠but i am not sure what to do now.
Further so, my web host suggested to try the following:
Admin>System Settings>Advanced>Validate user IP address: TURN OFF
And it seems to have resolved the issue for now⌠it doesnât seem to be logging out constantly.
Would you say this is a practical solution for the above?
If that workaround solves it, then I would say your problem is not related to session.save_path.
Check your values in config.php:
make sure they match your actual site address. I am not sure if this is related to that option you changed, but I am guessing it mightâŚ
I have checked the config.php and the details you mentioned are as follows:
'db_host_name' => 'localhost',
âsite_urlâ => THIS IS SHOWING THE CORRECT URL BUT I HAVE NOT POSTED FOR CONFIDENTIAL PURPOSES
âI am not sure if this is related to that option you changed, but I am guessing it mightâŚâ
Do you mean the option I changed may have fixed this in the config.php?
After further testing, i do not get logged out after changing this setting:
Admin>System Settings>Advanced>Validate user IP address: TURN OFF
Note that db_host_name is not the same key as host_name.
Your work-around setting is used here:
which calls this function
Having seen that, I donât think it is related to site_url or host_name. Sorry for misleading you.
Maybe that code can give you some clues about why youâre getting that error in the first place. But at this point I am running out of ideas.
We are having no issues at all since doing the following setting:
Admin>System Settings>Advanced>Validate user IP address: TURN OFF
Since changing this setting, it always stays logged in.
Would you say this a secure method and solution for my issue?
If so, I canât see any reason to have to investigate any further and hopefully this helps some others that may encounter this issue in the future.
Youâre turning off a security feature.
Iâm not sure how risky this actually is in real-life, Iâm not a security expertâŚ
Hey, it has been a long time but lemme still explain the Risks it can impose:
Session hijacking is now possible since CRM doesnât validate the IP anymore,If your session cookies get stolen due to compromised network anyone in the World Wide Web can use them to authenticate, even if u Logout. A few weeks ago i made some trials about this to âpentestâ the security and with this option ON even if i stole the session cookies it would log me out and clear it because i âsuddenlyâ changed my location from Africa to China for example.
My recomendation would be to check the php settings on timeout but leave this feature on