Thomas Bruederli wrote:
Benjamin Bradley wrote:
I traced through the code (hooray open source) and was able to skirt the issue by disabling session expiration. (comment out $rcmail_config['session_lifetime'] or set it to '')
My research showed that the rcmail_authenticate_session() function was being called twice per request. On the first attempt to log in (cleared sessions table), the function returns true the first time and then false the second time. Subsequent requests return false both times. It was getting set to false on this line:
if (!empty($CONFIG['session_lifetime']) && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < time()) $valid = false;
I cannot confirm that rcmail_authenticate_session() is called twice per request. It is only called by index.php and this is only run once per request. Of course index.php is also run on ajax requests which are sent periodically (every 60 seconds) to keep up the session by updating the changed date in the sessions table.
Unfortunately I cannot reproduce these timeouts. Please add the following code at the end of rcmail_authenticate_session(), right before return $valid; and send me the logged data which will be written to logs/authenticate:
write_log('authenticate', $_SERVER['REQUEST_URI'] . "; changed = " . date('r', $SESS_CHANGED) . "; valid = $valid");
With this info I might be able to find the "real" reason for the session timeout problem.
Regards, Thomas
Thomas, Thank you for your attention. Here is output in logs/authenticate from several different setups:
logging in with session_lifetime disabled:
[28-Jun-2007 23:44:26 -0400]: /; changed = Thu, 28 Jun 2007 22:54:09 -0400; valid = 1
[28-Jun-2007 23:44:26 -0400]: /?_task=mail; changed = Thu, 28 Jun 2007 22:54:12 -0400; valid = 1
[28-Jun-2007 23:44:31 -0400]: /?_task=mail&_action=getunread&_remote=1; changed = Thu, 28 Jun 2007 22:54:15 -0400; valid = 1

logging in with session_lifetime enabled:
[28-Jun-2007 23:45:39 -0400]: /; changed = Thu, 28 Jun 2007 22:54:57 -0400; valid =
[28-Jun-2007 23:45:39 -0400]: /?_task=mail; changed = Thu, 28 Jun 2007 22:55:25 -0400; valid =

cleared sessions table, session_lifetime still enabled:
[28-Jun-2007 23:48:00 -0400]: /; changed = Wed, 31 Dec 1969 19:00:00 -0500; valid = 1
[28-Jun-2007 23:48:00 -0400]: /?_task=mail; changed = Thu, 28 Jun 2007 22:57:46 -0400; valid =

cleared sessions table again, disabled session_lifetime:
[28-Jun-2007 23:50:24 -0400]: /; changed = Wed, 31 Dec 1969 19:00:00 -0500; valid = 1
[28-Jun-2007 23:50:24 -0400]: /?_task=mail; changed = Thu, 28 Jun 2007 23:00:10 -0400; valid = 1
[28-Jun-2007 23:50:26 -0400]: /?_task=mail&_action=getunread&_remote=1; changed = Thu, 28 Jun 2007 23:00:10 -0400; valid = 1
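
Added example (not part of the thread and not Roundcube code): a Python replay of the quoted expiry condition over two of the logs/authenticate lines above, reporting each session's age at log time. The 10-minute session_lifetime, the helper names, and treating the 1969 epoch value as an unset $SESS_CHANGED are assumptions.

```python
import re
from datetime import datetime
from email.utils import parsedate_to_datetime

# Two lines copied from the logs/authenticate output in the thread.
SAMPLE = [
    "[28-Jun-2007 23:45:39 -0400]: /; changed = Thu, 28 Jun 2007 22:54:57 -0400; valid =",
    "[28-Jun-2007 23:48:00 -0400]: /; changed = Wed, 31 Dec 1969 19:00:00 -0500; valid = 1",
]

LINE_RE = re.compile(
    r"^\[(?P<logged>[^\]]+)\]: (?P<uri>\S+); "
    r"changed = (?P<changed>[^;]+); valid = ?(?P<valid>\S*)$"
)

def parse_line(line):
    """Parse one logs/authenticate line into epoch seconds and a bool."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    logged = datetime.strptime(m["logged"], "%d-%b-%Y %H:%M:%S %z")
    changed = parsedate_to_datetime(m["changed"].strip())  # date('r') is RFC 2822
    return {"uri": m["uri"],
            "logged": int(logged.timestamp()),
            "changed": int(changed.timestamp()),
            "valid": m["valid"] == "1"}  # PHP prints false as an empty string

def is_expired(changed, now, lifetime_minutes):
    # Mirrors the quoted condition. Assumption: changed == 0 (the 1969 date)
    # stands for an unset $SESS_CHANGED, so isset() would have been false.
    return bool(lifetime_minutes) and changed != 0 \
        and changed + lifetime_minutes * 60 < now

def replay(lines, lifetime_minutes):
    """Return (uri, age_seconds, logged_valid, predicted_valid) per line."""
    rows = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        # The log timestamp approximates time() at the moment of the check.
        age = rec["logged"] - rec["changed"]
        ok = not is_expired(rec["changed"], rec["logged"], lifetime_minutes)
        rows.append((rec["uri"], age, rec["valid"], ok))
    return rows

if __name__ == "__main__":
    for uri, age, logged_valid, predicted in replay(SAMPLE, 10):  # 10 min: assumed
        print(f"{uri}  age={age}s  logged_valid={logged_valid}  predicted={predicted}")
```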