Radicore Forum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » RADICORE development » Menu and Security » Redirection to Login page
Redirection to Login page [message #3075] Tue, 02 October 2012 12:44 Go to next message
jjtoranzo2004 is currently offline  jjtoranzo2004
Messages: 261
Registered: September 2012
Senior Member
Radicore 1.75

After logging in as MGR and "browsing" for some time I am redirected to the login page and this green message appears "You must log in to access this system."

Are sessions expiring to early?

Can my debugger help? What variables should I inspect?

Re: Redirection to Login page [message #3079 is a reply to message #3075] Wed, 03 October 2012 02:09 Go to previous messageGo to next message
AJM is currently offline  AJM
Messages: 2312
Registered: April 2006
Location: Surrey, UK
Senior Member
This should only happen if the session data disappears, either because the data has been deleted after the time limit set by session.gc_maxlifetime in your php.ini file, or the session cookie has been deleted. The session name (which has been changed from the default PHPSESSID) is passed around in the URL, so are you changing the URL?

Re: Redirection to Login page [message #3083 is a reply to message #3079] Wed, 03 October 2012 18:48 Go to previous messageGo to next message
jjtoranzo2004 is currently offline  jjtoranzo2004
Messages: 261
Registered: September 2012
Senior Member
Tony my php.ini is set to the default
session.gc_maxlifetime = 1440

(that should be about 24 minutes).

And after inspecting the cookies in Firefox, I find these two:
menu0
logon_screen_menu0

Thanks.
Re: Redirection to Login page [message #3086 is a reply to message #3083] Thu, 04 October 2012 01:52 Go to previous messageGo to next message
AJM is currently offline  AJM
Messages: 2312
Registered: April 2006
Location: Surrey, UK
Senior Member
You only time that Radicore redirects you back to the login page is if the session data disappears, either because someone else has deleted the data or if it is told to use a session_id which does not currently exist. I assume that you are using the default Radicore settings which put all session data in the PHP_SESSION table in AUDIT database, so you need to monitor this table to see what happens just before you are being redirected.

Re: Redirection to Login page [message #3087 is a reply to message #3086] Fri, 05 October 2012 14:45 Go to previous messageGo to next message
jjtoranzo2004 is currently offline  jjtoranzo2004
Messages: 261
Registered: September 2012
Senior Member
After monitoring the php_session table using triggers I found the following:

The session data at 2012-10-05 11:23:17 was
full with information (attachment).

One second later at 2012-10-05 15:23:18 it was deleted by a DELETE query.

Two second later it was filled with:
message
messages|s:38:"You must log in to access this system.";

Thanks,
Re: Redirection to Login page [message #3088 is a reply to message #3087] Fri, 05 October 2012 17:54 Go to previous messageGo to next message
jjtoranzo2004 is currently offline  jjtoranzo2004
Messages: 261
Registered: September 2012
Senior Member
Must the parameter session.use_only_cookies in php.ini be set to 0? It is set to 1 (enabled) by default since PHP 5.3.0.
Re: Redirection to Login page [message #3089 is a reply to message #3087] Sat, 06 October 2012 03:57 Go to previous messageGo to next message
AJM is currently offline  AJM
Messages: 2312
Registered: April 2006
Location: Surrey, UK
Senior Member
Can you identify what process issued the DELETE query? That would appear to be the culprit.

Re: Redirection to Login page [message #3090 is a reply to message #3089] Sat, 06 October 2012 04:03 Go to previous messageGo to next message
AJM is currently offline  AJM
Messages: 2312
Registered: April 2006
Location: Surrey, UK
Senior Member
The following settings are defined in Radicore's htaccess file:

php_value session.use_cookies 1
php_value session.use_only_cookies 1
php_value session.use_trans_sid 0

You should not have any reason to change them.


Re: Redirection to Login page [message #3091 is a reply to message #3090] Sat, 06 October 2012 12:58 Go to previous messageGo to next message
jjtoranzo2004 is currently offline  jjtoranzo2004
Messages: 261
Registered: September 2012
Senior Member
Tony, before the redirect I was clicking the menu "buttons" in the menu bar, or less frequently, clicking a breadcrumb link.
Re: Redirection to Login page [message #3092 is a reply to message #3091] Sat, 06 October 2012 18:57 Go to previous message
AJM is currently offline  AJM
Messages: 2312
Registered: April 2006
Location: Surrey, UK
Senior Member
I use menu buttons and breadcrumb links every day, and I don't have that problem. The session data must be deleted by something else.

Previous Topic: Difference
Next Topic: Roles Security RBAC Relationship?
Goto Forum:
  


Current Time: Sun Jan 29 19:53:14 EST 2023

Total time taken to generate the page: 0.01622 seconds