It is not a new installation. Currently installed version is 7.11.13.
Today, after a period of few months, I attempted to login. But I could not because my credentials were not accepted. There was an error message too:
You have been logged out because your session has expired.
I attempted to reset the password, but still could not login. Error message still remained there.
I also cleared browser cache and cookies etc, yet the same problem persisted.
I checked the Session Path, that is also correct.
cPannel showed the File Usage (Disk Quota) was full, I cleared that too. Still same error message.
Logs are showing this:
Tue Jan 5 20:14:58 2021 [299388][-none-][FATAL] SECURITY: User authentication for Explorer failed
Tue Jan 5 20:14:58 2021 [299388][-none-][FATAL] FAILED LOGIN:attempts[1], ip[106.212.149.208], username[Exp]
Tue Jan 5 20:15:47 2021 [300514][-none-][FATAL] SECURITY: User authentication for Explorer failed
Tue Jan 5 20:15:47 2021 [300514][-none-][FATAL] FAILED LOGIN:attempts[1], ip[106.212.149.208], username[Exp]
Tue Jan 5 20:30:41 2021 [320357][-none-][FATAL] SECURITY: User authentication for Explorer failed
Tue Jan 5 20:30:41 2021 [320357][-none-][FATAL] FAILED LOGIN:attempts[1], ip[77.111.245.13], username[Exp]
About the password bug, I don’t know, and it will be hard to find out without a way to reproduce it and messages from the logs…
About the session files, they are safe to delete when you know you won’t be interrupting user’s sessions. So you can just delete anything older than 1 week, for example, or wait until everybody logs out at the end of the day and clean them all.
P.S. - if you are in the tens of thousands of files or more, you might need some special care with the delete command to make sure it works, I saw something on this somewhere online…
I had more than 125000 session entries, which ate my inodes totally, and I was not receving any emails from the webserver. I had to delete all these session files via cPannel. Next I upgraded my SuiteCRM to the latest one 7.11.18, I guess.
I also found that somewhere in the mid of 2020 they added some commits to Source of SuiteCRM. May be those commits have already been merged.
If that is the case, then I would like to hope that session entries are being taken care of by now, but I am not sure yet.
I don’t think there were changes to the session handling but I know that most people just don’t get that problem. It might be related to other libraries, or even with PHP upgrades, I don’t know.