We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
    • 5119
    • 90 Posts
    Anyone? This is still very urgent and I’m a bit worried about implementing the fix until I’m sure I won’t break the system or any security...
      • 5119
      • 90 Posts
      Well, the pressure is on, so I’m just going to implement it this weekend and see what happens. Would be very appreciative of any feedback before then. Otherwise, will let you know how it goes next week.
      • I’ve just begun to develop a site on a flaky server the client wants to use for a dev platform. Apparently it has a poorly configured cluster environment. The manager kept logging off at random intervals; almost impossible to work on it tongue

        So I put this in the .htaccess file
        php_value session.save_path "/blah/blablah/moreblah/2/2/longdrawnout.site.somewhere.net/modx/sessions/"
        

        The sessions folder I created is actually one folder above the web root, so it’s safe enough. It does, of course, have to be writable by PHP. In this case, it’s on some kind of suexec, so 755 was fine.

        Now I don’t have any more logging off problems. I do go in and clean it out from time to time; you might want to make a module (or even a plugin) to clean out sessions older than 24 hours or something.
          Studying MODX in the desert - http://sottwell.com
          Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
          Join the Slack Community - http://modx.org
          • 5119
          • 90 Posts
          ...but I think I’ve fixed it already so I don’t want to go through a different fix. I really just need to make sure I haven’t compromised any security by nicking a few things from the admin logon stuff and replicating it for the webuser login stuff.

          Seriously willing to pay someone to look at this as it is truly urgent and really just requires a rubber stamp approval (hopefully!).
            • 7455
            • 2,204 Posts
            Does any one tryed this?
            I tested the other session folder but when I close the browser I am logged out.

            Is there a way to make a plugin that looks at cookies of users and automaticly log them in when cookie is found?
              follow me on twitter: @dimmy01
              • 5119
              • 90 Posts
              I tried this. My session remains ongoing when I open the browser, so I’m not sure why yours isn’t working.

              What I don’t understand is why I only have 16 correct files (plus about 10 with 0kb) in my new folder to store sessions when hundreds of people have logged on. Where are their sessions going? And why do I still have to logon at random invervals when I’ve set no garbage cleanup?
                • 7455
                • 2,204 Posts
                I changed one line in the end of the config.inc.php that a coocie is not set dynamicly but just have a week before expire that works for me
                  follow me on twitter: @dimmy01
                  • 5119
                  • 90 Posts
                  Which line? I can only find stuff about caching which won’t be much help.
                    • 5119
                    • 90 Posts
                    Gah! The files are actually being deleted out of this folder, yet I didn’t think garbage collection worked when you specified your own directory. *bangs head on wall*
                      • 5119
                      • 90 Posts
                      ...and the login problem still isn’t fixed.


                      Despite garbage collection not being set, something is cleaning up the files. Despite setting the timeout to a very long time, people are still having to log in (less often, granted, but still regularly, whereas the old site just accepted them even if they hadn’t viewed the site for a week).

                      Would I be right in saying that I have to add something to the cookie that’s stored on the user’s computer in order for this to happen? If so, how do I do that?