Stuck in Login Loop "logged out because your session has expired"

Ok, I’ve read these forums a lot, and figured out a lot of issues come down to permissions. Here’s the problem:

I installed a instance of suiteCRM on my shared webhosting (BlueHost). I confirmed, both through SSH and through looking at file permissions in my FTP client, that I correctly set the 775 and 755 permissions as required in the install documents. My user/group permissions are also appropriately set for the entire directory. I even went in and edited the /include/utils.php as many users have reported that the dir_mode and file_mode settings are incorrect. I’ve confirmed in utils.php and config.php that the user/group is labeled correctly. HOWEVER, when I get to my login screen, the “loading” wheel on my Chrome tab continuously spins. When I “stop” the page, I can login, get the main screen after logging in for about 5 seconds, then get automatically booted to “index.php?module=Users&action=Login&loginErrorMessage=LBL_SESSION_EXPIRED” which provides the “You have been logged out because your session has expired” message. Nothing I’ve done (see above setting permissions, fixing config.php and utils.php) has fixed this problem. Are there any ideas or thoughts out there? This has been aggravating me to no end.

I appreciate any help.

Please clear the cache folder contents and try clearing your browser cookies/cache.

Also, are you using your own php.ini? Do so, and also set the timezone appropriately in there. I’m not sure this will help, but it can’t hurt.

Also, open the sutecrm.log or sugarcrm.log through ftp or cpanel and see if there is anything useful.


I don’t have time to write a proper answer right now, but check

  • if your disk is full

  • if your session.save_path is well defined, exists and is writable. You can search Google and these forums for more detailed answer on this (including some written by me)

good luck

another thing to consider is that this also happens if you have more than one SuiteCRM installation in one domain

best regards


I’ve cleared my cache (both server side and my local browser cache) to no avail. I do not have the ability to change my php.ini file but I don’t believe that is the problem at this point. I’ve checked the logs and there is nothing of use in there unfortunately. Ugh!!!


My disk is not full, I am definitely sure of that. As for the session path, I did configure a custom path due to other threads I have read about that issue and it is confirmed that I am getting session files being written there by SuiteCRM, so that shouldn’t be an issue.


Thanks, yes there is only one instance on this server. All permissions are appropriately set from SSH terminal and logs show nothing weird happening, which is why I’m so confused it keeps pushing me out.

As sieberta said, are you sure you deleted the Cache folder of the SuiteCRM folder? make a backup and also truncate the table tracker as a last option

best regards

Also, delete the existing session files before re-attempting.


due from two suitecrm instance on same server
stop one instance and restart apache web server


Yes, I am sure. I deleted the folder, tried to login again and it re-populated that folder, but still have the same “session expired” error. Could you explain the truncate the table tracker piece?

Thanks, appreciate your help. Hopefully we can resolve this. On a side note, I did an installation on another shared server (but with a different provider) and it works just fine. I even had it call a SQL DB on the server I’m having this problem with so I’ve narrowed it down to some issue with accessing files on the server itself and/or php settings.


I do not have two instances installed. There is literally one directory with the CRM in it and nothing else (other than a wordpress instance running the front-end of our customer site).


Thanks, yes I have been doing that anytime I make a change and retry the login.

By truncate the tracker table, he means open your tracker table in phpmyadmin (or however you access your mysql server). If you use phpmyadmin, you can click operations->truncate. That will wipe the contents of the table. I have no idea of the ramifications of this, I’m relying on mikebeck to not be leading you astray here.

Can you create a file in your suitecrm directory called phpinfo.php and inside put the following code and then call it from a browser window?

<?php phpinfo(); ?>

Save the output as an HTML file and attach it to a response thread. If you’re not comfortable posting it (I probably wouldn’t be), just post a screen shot of the entire section on 'session’s.

Inside that phpinfo() window it will show your session save path. I thought this was a php.ini setting… but you said you changed your session save path and you said you can’t edit your php.ini… so perhaps I’m a bit confused. Where did you change that?

FYI, typically if you put a php.ini file in the suiteCRM root directory php will reference that instead of the server’s default php.ini. Furthermore, you can also specify a php.ini file to use in your .htaccess file… typically.

If I’ve been too brief on any of these ideas, they’re not specific to SuiteCRM, so I would recommend checking in with google for more information on my suggestions/ideas in this post (other than specifically truncating tracker, although you could google “mysql truncate”).


I just want to verify that you checked the suitecrm.log or sugarcrm.log not just the server logs right?


Back to my comment about logs earlier… in config.php, set ‘level’ => ‘debug’. Try logging in again, and then view your sugarcrm.log or suitecrm.log files and post them here.

'logger' => 
  array (
    'level' => 'debug',
    'file' => 
    array (
      'ext' => '.log',
      'name' => 'suitecrm',
      'dateFormat' => '%c',
      'maxSize' => '5MB',
      'maxLogs' => '20',
      'suffix' => '',



I have exactly the same problem.

  • cleared cache on server and in browser
  • tried another browser never used before --> no luck
  • There is enough space on the harddisk.
  • No problem with the session directory.
  • just added a seperate session director for good measure --> no impact
  • set debug log level --> no log messages are being written
  • migrated to a development environment on windows --> still the same problem

I am at my wits end. Any help is appreciated.



Once I had this problem. I change browser from Mozilla to Chrome and it was Solved.
And another solution here: #33991

Thanks for the input. However all Browsers have the same problem and client ip verification is not the problem either.

I commented out all problem areas containing LBL_SESSION_EXPIRED in the php files and they are not responsible for the redirect back to the login page.

My conclusion is that it can only be the sugar_grp1.js javascript file.

Anyone has some experience with that javascript file???




Ok, I’ve pasted the results below. It repeats the following string of entries over and over and over again many many times!