"You have been logged out because your session has expired."


I have run into a problem after installing SuiteCRM 7.8.2 again,

I log in to look around and start defining anything, and after 1-2 minutes, I get logged out, and the following message appears:

“You have been logged out because your session has expired.”

I have no time to make any changes, I am curious as to why

Thanks for any suggestions as to how I can eliminate this issue.


This problem has occurred to me also. The behaviour was different on Windows vs Linux.

On both platforms the problem occurred when I had two sessions open from the same server in the same browser.

Apart from multiple sessions I had the same problem when I migrated the instance, after an upgrade or after a fresh install.

On Linux I always managed to resolve it by resetting permissions, clearing the browser cache and repairing and rebuilding all I could (including the .htaccess file).
In case of a migration I also previously edited the values pointing to host, url, db, etc in config.php.

On windows I have not been able to understand how to solve it consistently. In the case of a fresh install I noticed that unzipping the suitecrm install .zip directly in the webserver folder worked well. On the other hand if I copied the folder after having unzipped it elsewhere, nearly always gave me permissions problems and if I tried to reassign them it never worked.

I hope this helps.

A few more things to try:

The last one is the most likely to be the culprit.


You can check your .htacces file
If you change your pathdirectory

RewriteBase /suitecrm line 15

Try it

URL was truncated in your reply: Working URL:

1 Like

If your provider changes your ip often this can happen. Try adding this to your config.php or config_override.php:

$sugar_config['verify_client_ip'] = false;


I took the time to check the config.php file. PGR wrote (and other agreed) that I need to check the .htaccess file for this:
echo ini_get(“session.save_path”);

There is nothing like that in my .htaccess file.

I need to add this?

As well, the idea of running out of disk space? Not an issue.



I didn’t write anything about .htaccess files. That’s the last thing to check for permissions problems, not the first.

That echo command is for you to find out which path is your effective session path. Then you go and use chmod/chown to fix permissions on it, so that the web server can write to it.

What is this line for?

$sugar_config[‘verify_client_ip’] = false;

I would like t to know what I am adding:)

I also realsied, again, that my suitecrm works in XChrome, but NOT in Firefox./ Wierd.
Ideas on that?


Leave the Firefox issue for another thread, please.

The $sugar_config fix would apply only if your problem was occasional (when your ISP changes your IP address), but not if it’s a problem that happens every time you access the log in screen.

Start by making sure you can write to the session save path.

You are right, it was not .htaccess. It if for config.php. I looked there to, and no echo command.

AS for the echo command, do I copy paste the text:
echo ini_get(“session.save_path”);

Where in the config.php file tdo I put it? Beginning end, anywehre?



No, you didn’t read that post carefully enough. It’s not for .htaccess, and it’s not for php.ini.

What is said was “check your php.ini for a session.save_path setting, if you don’t find one, make a new php file with that echo command and call it from the browser”.


Thanks for the explanation. I am not a programmer by trade. I am learning as I go along:(

I added the line to a new php file as you suggested calling it test.php

But, all it does is display the text that I put in it.

I literally put the line fo text n the file. Nothing ele.

If there is other text I need to add to make it a php file, I am not a programmer to know:(

Thanks for guidance.


Yes, you need to add a little extra stuff in there:

       echo ini_get("session.save_path");

or if you prefer you can print ALL settings at once with



The reply that I have is:


Just to let you know, in my set ups, my client will not change, but the web number will, because each website has its own web#.



Well go on and check if that is writeable by your web server user, and make it writeable if it isn’t. If you need help share the

ls -al 

of that directory.


It seems writable:

116 drwxrwxrwx 4 web5 client2 118784 Jun 13 08:10 tmp

Is it good for the permissions to be 777?


No, it’s not good to make it 777, there’s a danger of session hijacking.

You don’t need 777 if the ownerships match your web server user.

You do need the sticky bit on so that new files get the full permissions from their parent directory.

I need to know the user your web server runs under. Can you load this php file from your browser please:

echo exec('whoami');

And then when you have that user name (let’s suppose it’s web5), run this on Linux command prompt to find out which groups it belongs to:

groups web5


The reply that I got was:

Then with the groups command, I get:
web5 : client2 sshusers



Ok Iyou can try to make that writeable via the group permission, so it works for all users inside the client2 group.

So you could try (but do this at your own risk, you’re the one responsible for your server)

sudo chown -R web5:client2 /var/www/clients/client2/web5/tmp


sudo chmod 2770 /var/www/clients/client2/web5/tmp
sudo chmod -R 770 /var/www/clients/client2/web5/tmp/*

This way every user in group client2 should be able to write there, and create new writeable files under that folder. And “world” users get no access at all.