Thomas Bruederli wrote:
Benjamin Bradley wrote:
I traced through the code (hooray open source) and was able to skirt the
issue by disabling session expiration. (comment out
$rcmail_config['session_lifetime'] or set it to '')

My research showed that the rcmail_authenticate_session() function was
being called twice per request. On the first attempt to log in (cleared
sessions table), the function returns true the first time and then false
the second time. Subsequent requests return false both times. It was
getting set to false on this line:
  if (!empty($CONFIG['session_lifetime']) && isset($SESS_CHANGED) &&
      $SESS_CHANGED + $CONFIG['session_lifetime']*60 < time())
    $valid = false;

I cannot confirm that rcmail_authenticate_session() is called twice per
request. It is only called by index.php and this is only run once per
request. Of course index.php is also run on ajax requests which are sent
periodically (every 60 seconds) to keep up the session by updating the
changed date in the sessions table.

Unfortunately I cannot reproduce these timeouts. Please add the following
code at the end of rcmail_authenticate_session(), right before return
$valid; and send me the logged data which will be written to logs/authenticate:

write_log('authenticate', $_SERVER['REQUEST_URI'] . "; changed = " .
date('r', $SESS_CHANGED) . "; valid = $valid");

With this info I might be able to find the "real" reason for the session
timeout problem.

Regards,
Thomas

Thomas,
Thank you for your attention. Here is output in logs/authenticate from several different setups:

logging in with session_lifetime disabled:
[28-Jun-2007 23:44:26 -0400]: /; changed = Thu, 28 Jun 2007 22:54:09 -0400; valid = 1
[28-Jun-2007 23:44:26 -0400]: /?_task=mail; changed = Thu, 28 Jun 2007 22:54:12 -0400; valid = 1
[28-Jun-2007 23:44:31 -0400]: /?_task=mail&_action=getunread&_remote=1; changed = Thu, 28 Jun 2007 22:54:15 -0400; valid = 1

logging in with session_lifetime enabled:
[28-Jun-2007 23:45:39 -0400]: /; changed = Thu, 28 Jun 2007 22:54:57 -0400; valid =
[28-Jun-2007 23:45:39 -0400]: /?_task=mail; changed = Thu, 28 Jun 2007 22:55:25 -0400; valid =

cleared sessions table, session_lifetime still enabled:
[28-Jun-2007 23:48:00 -0400]: /; changed = Wed, 31 Dec 1969 19:00:00 -0500; valid = 1
[28-Jun-2007 23:48:00 -0400]: /?_task=mail; changed = Thu, 28 Jun 2007 22:57:46 -0400; valid =

cleared sessions table again, disabled session_lifetime:
[28-Jun-2007 23:50:24 -0400]: /; changed = Wed, 31 Dec 1969 19:00:00 -0500; valid = 1
[28-Jun-2007 23:50:24 -0400]: /?_task=mail; changed = Thu, 28 Jun 2007 23:00:10 -0400; valid = 1
[28-Jun-2007 23:50:26 -0400]: /?_task=mail&_action=getunread&_remote=1; changed = Thu, 28 Jun 2007 23:00:10 -0400; valid = 1

--
Benjamin Bradley
[EMAIL PROTECTED]            1-800-672-8060 x802
-----------------------------------------------------
GAIA Host Collective, LLC    http://www.gaiahost.coop
"Internet solutions from an environmentally and socially concerned worker-owned cooperative"
general support email:          [EMAIL PROTECTED]
urgent support issues:              1-800-672-8060 x0
-----------------------------------------------------
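
Added example, not part of the original thread and not Roundcube code: a Python script that parses lines in the logs/authenticate format shown above and re-applies only the quoted session_lifetime comparison, using the log timestamp as a stand-in for time(). The 10-minute lifetime and the reading of an epoch-0 "changed" value as an unset $SESS_CHANGED are assumptions.

```python
import re
from datetime import datetime
from email.utils import parsedate_to_datetime

# Two lines copied from the logs/authenticate output in this thread
# (sessions table cleared, session_lifetime enabled).
SAMPLE = """\
[28-Jun-2007 23:48:00 -0400]: /; changed = Wed, 31 Dec 1969 19:00:00 -0500; valid = 1
[28-Jun-2007 23:48:00 -0400]: /?_task=mail; changed = Thu, 28 Jun 2007 22:57:46 -0400; valid =
"""

LINE_RE = re.compile(
    r"^\[(?P<logged>[^\]]+)\]: (?P<uri>\S+); "
    r"changed = (?P<changed>[^;]+); valid = ?(?P<valid>\d?)\s*$"
)


def parse(line):
    """Return (uri, logged_epoch, changed_epoch, logged_valid) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    logged = datetime.strptime(m["logged"], "%d-%b-%Y %H:%M:%S %z")
    changed = parsedate_to_datetime(m["changed"].strip())  # date('r') is RFC 2822
    return (m["uri"], int(logged.timestamp()), int(changed.timestamp()),
            m["valid"] == "1")


def recheck(logged, changed, lifetime_min):
    """Re-apply only the quoted comparison; the log time stands in for time()."""
    # Assumption: an epoch-0 'changed' means $SESS_CHANGED was not set, so the
    # isset() guard skips the comparison.
    if not lifetime_min or changed == 0:
        return True
    return not (changed + lifetime_min * 60 < logged)


def analyze(text, lifetime_min):
    """Per line: (uri, seconds since 'changed' or None, logged valid, rechecked valid)."""
    rows = []
    for line in text.splitlines():
        entry = parse(line)
        if entry is None:
            continue
        uri, logged, changed, valid = entry
        age = None if changed == 0 else logged - changed
        rows.append((uri, age, valid, recheck(logged, changed, lifetime_min)))
    return rows


if __name__ == "__main__":
    for row in analyze(SAMPLE, lifetime_min=10):  # 10 is an assumed setting
        print(row)
```

The second column is the gap in seconds between the request's log time and the stored "changed" value, which is what the lifetime comparison is measured against.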


