On 6/27/07, Thomas Bruederli <[EMAIL PROTECTED]> wrote:
Benjamin Bradley wrote:
>
> I traced through the code (hooray open source) and was able to skirt the
> issue by disabling session expiration. (comment out
> $rcmail_config['session_lifetime'] or set it to '')
>
> My research showed that the rcmail_authenticate_session() function was
> being called twice per request. On the first attempt to log in (cleared
> sessions table), the function returns true the first time and then false
> the second time. Subsequent requests return false both times. It was
> getting set to false on this line:
> if (!empty($CONFIG['session_lifetime']) && isset($SESS_CHANGED) &&
> $SESS_CHANGED + $CONFIG['session_lifetime']*60 < time())
> $valid = false;
I cannot confirm that rcmail_authenticate_session() is called twice per
request. It is only called by index.php and this is only run once per
request. Of course index.php is also run on ajax requests which are sent
periodically (every 60 seconds) to keep up the session by updating the
changed date in the sessions table.
Unfortunately I cannot reproduce these timeouts. Please add the following
code at the end of rcmail_authenticate_session(), right before return
$valid; and send me the logged data which will be written to logs/authenticate
write_log('authenticate', $_SERVER['REQUEST_URI'] . "; changed = " .
date('r', $SESS_CHANGED) . "; valid = $valid");
With this info I might be able to find the "real" reason for the session
timeout problem.
Regards,
Thomas
Hello Thomas,
This is not connected with expired sessions, but a related issue.
Now that you have mentioned the matter, I am taking this up once
again. There was a post in the forum on how to change the ajax request
frequency. The 60 seconds is too high for some servers which has more
number of users.
How do I change this?
Regards
kmn
