On 6/27/07, Thomas Bruederli roundcube@gmail.com wrote:
Benjamin Bradley wrote:
I traced through the code (hooray open source) and was able to skirt the issue by disabling session expiration. (comment out $rcmail_config['session_lifetime'] or set it to '')
My research showed that the rcmail_authenticate_session() function was being called twice per request. On the first attempt to log in (cleared sessions table), the function returns true the first time and then false the second time. Subsequent requests return false both times. It was getting set to false on this line: if (!empty($CONFIG['session_lifetime']) && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < time()) $valid = false;
I cannot confirm that rcmail_authenticate_session() is called twice per request. It is only called by index.php and this is only run once per request. Of course index.php is also run on ajax requests which are sent periodically (every 60 seconds) to keep up the session by updating the changed date in the sessions table.
Unfortunately I cannot reproduce these timeouts. Please add the following code at the end of rcmail_authenticate_session(), right before return $valid; and send me the logged data which will be written to logs/authenticate
write_log('authenticate', $_SERVER['REQUEST_URI'] . "; changed = " . date('r', $SESS_CHANGED) . "; valid = $valid");
With this info I might be able to find the "real" reason for the session timeout problem.
Regards, Thomas
Hello Thomas,
This is not connected with expired sessions, but a related issue.
Now that you have mentioned the matter, I am taking this up once again. There was a post in the forum on how to change the ajax request frequency. The 60 seconds is too high for some servers which has more number of users.
How do I change this?
Regards
kmn