Session expiration in SuiteCRM and other PHP applications under the same domain

We have a recurring issue related to unexpected, random user session expiration in all the applications hosted in subdomains of the same domain, most of them SuiteCRM, which forces us to re-authenticate every time we are kicked out.

Our system is:

  • 3 Dedicated Servers run by a server provider, 3 static IPs
  • Each server acts as a Virtual server, we can have as many hostings as we need
  • 200-300 different users working simultaneously in the applications

Server 1

  • A main domain “example.com” that points to a WordPress website in a hosting of the server
  • A forum application, phpBB 3.2, hosted in “forum.example.com”
  • 4 wiki sites in wikiX.example.com
  • apache 2.4.46-1~bpo9+1
  • PHP 7.3
  • mysql-server 10.1.48-0+deb9u2
  • PHP Session folder: /home/.example.com/tmp

Server 2

  • Several SugarCRM CE 6.5.15 instances in PHP 5.6 running in different subdomains sugarcrmX.example.com
  • apache 2.2.22-13+deb7u11
  • php 5.6
  • mysql-server 5.5.57-0+deb7u1
  • PHP Session folder: /home/sugarcrm.example.com/tmp
  • Each app with a different unique_key in config.php

Server 3

  • Several SuiteCRM 7.11.15 instances running in different subdomains suitecrmX.sinergiacrm.org
  • apache 2.4.46-1~bpo9+1
  • PHP 7.3
  • mysql-server 10.1.48-0+deb9u2
  • PHP Session folder: /home/suitecrmX.example.com/tmp
  • Each app with a different unique_key in config.php

We often work in parallel in the different applications: SuiteCRM, SugarCRM, forums and wikis. Then, at some point that we can’t define, the applications kick us out with the message ‘You have been logged out because your session has expired.’, redirecting us to the login page of each of the applications that we were using at that moment. From this moment and for several minutes, the situation happens again and again, kicking us out repeatedly, until at some point it seems to stop, leaving us alone for a couple of hours.

This happens to all the members of our team: 8 people working from different locations with different devices, operating systems and browsers. Some of the users (among the 200-300 we mentioned) have reported this as well, but we presume it isn’t happening to them as often as to us.

This issue started happening a few months after we upgraded our WordPress, integrated Server 3 and installed the SuiteCRM applications, but we can’t say exactly when it started. Before this, it never happened, so it is a bit difficult for us to find the reason right now.

We have already tried changing the PHP session parameter session.cookie_domain, setting a different cookie_domain for each subdomain of each host accordingly, and then deleting the cookies in each browser. At the beginning, it seemed we had found the solution because our sessions were persisting. But after a few days, the session expiration issue came back.

We don’t need them to work in a common session; each application/subdomain has a different user/password management authentication.

We haven’t tried changing the default session name “PHPSESSID” yet.

Are we missing some crucial configuration within any service configuration?

Any idea about how to debug this?

Thanks
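
An added illustration, not part of the original post: a small model of RFC 6265 domain matching showing which of the hosts above would receive which session cookies when they all share the default name PHPSESSID, depending on whether session.cookie_domain is empty (host-only cookie) or set to the parent domain. The host names wiki1, sugarcrm1 and suitecrm1 stand in for the post's "X" placeholders, and both cookie jars are constructed for the example.

```python
"""Model of RFC 6265 cookie scoping for the hosts named in the post."""
from collections import Counter, namedtuple

# domain=None models an empty session.cookie_domain (host-only cookie).
Cookie = namedtuple("Cookie", "name set_by domain")

def domain_match(host, cookie):
    """RFC 6265 section 5.1.3: a host-only cookie matches only the host that
    set it; a Domain attribute matches that domain and every subdomain."""
    host = host.lower()
    if cookie.domain is None:
        return host == cookie.set_by.lower()
    dom = cookie.domain.lower().lstrip(".")  # a leading dot is ignored
    return host == dom or host.endswith("." + dom)

def sent_to(host, jar):
    """Cookies a browser would attach to a request for host (path ignored)."""
    return [c for c in jar if domain_match(host, c)]

def collisions(hosts, jar):
    """Map each host to the cookie names it would receive more than once."""
    out = {}
    for h in hosts:
        counts = Counter(c.name for c in sent_to(h, jar))
        dupes = sorted(n for n, k in counts.items() if k > 1)
        if dupes:
            out[h] = dupes
    return out

# Hosts from the post, with "X" replaced by 1 (assumption for the example).
HOSTS = ["example.com", "forum.example.com", "wiki1.example.com",
         "sugarcrm1.example.com", "suitecrm1.example.com"]

# Constructed jar 1: one application scopes its session cookie to the whole
# parent domain while two others use host-only cookies.
JAR_SHARED = [
    Cookie("PHPSESSID", "example.com", ".example.com"),
    Cookie("PHPSESSID", "sugarcrm1.example.com", None),
    Cookie("PHPSESSID", "suitecrm1.example.com", None),
]
# Constructed jar 2: every application uses a host-only cookie.
JAR_HOST_ONLY = [Cookie("PHPSESSID", h, None) for h in HOSTS]

if __name__ == "__main__":
    for label, jar in (("shared", JAR_SHARED), ("host-only", JAR_HOST_ONLY)):
        print(label, collisions(HOSTS, jar))
```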