Manager automatically logs me out

I was getting logged out of a recently updated 1.0.15 site the other day (but hadn't had it happen ever in 1.0.14). It hasn't happened since and not sure what was causing it. I will report back if it happens to me again.

Quote from: timo_w. at Oct 15, 2014, 05:16 PM

Moreover, check your IP when logging in and again after you were logged out unexpectedly. If the IP changed, this can cause such problems as well.

Good tip timo_w, that's something to look out for.

Quote from: Jako at Nov 20, 2014, 10:21 AM

Maybe it is a PHP version problem. MODX Evo should run on PHP 5.2-5.4.

Thanks for the tip Jako.
The php version on the site I was getting auto logged out on is 5.2.17 the other day. Unfortunately I have no option to change this with the current host.

When the auto logout happens an error email is sent by the site but because the message is so vague, I never know what actually caused the error.

And just on the error emails (not the auto logouts): on some sites an error email is sent whenever I actually login to the manager. It's weird but the email message just says an error has occurred. It doesn't say "'xxxxxx' has logged in" if that's what the purpose of those emails are. If an error of some sort has occurred who knows what it is.

The PHP version with the permanent log out was 5.6 as the user told me (not have seen that).

The error mails could be disabled in MODX system settings.

Quote from: Jako at Nov 21, 2014, 09:48 AM

The error mails could be disabled in MODX system settings.

True - but they server a security purpose with regards to .htaccess / index.php modification so I am hesitant to turn them off.
The error emails we regularly receive on logging in say "Important system files have been modified". When in reality all I did was login.
I think the "error" messages just just need more specific information relating to the user and what actually was changed - or what the error actually was. Otherwise they are a bit vague just saying "Important system files have been modified".

Quote from: Jako at Nov 21, 2014, 09:48 AM

The PHP version with the permanent log out was 5.6 as the user told me (not have seen that).

Wow, I have not seen that either - that's futuristic compared to my host's PHP settings.

I think I find solution.. In file: "manager/media/script/session.js" I changed line:
window.setInterval("keepMeAlive()", 1000 * 600);

to:
window.setInterval("keepMeAlive()", 10000 * 600);

Great work joan27, that's excellent work.

I have not been getting automatically logged out for about 3 weeks so am unable to test.

Can anyone else who was having the problem confirm whether this also works for them? If it does, it would be a nice addition through GitHub.

Quote from: joan27 at Dec 10, 2014, 08:10 AM

I think I find solution.. In file: "manager/media/script/session.js" I changed line:
window.setInterval("keepMeAlive()", 1000 * 600);
to:
window.setInterval("keepMeAlive()", 10000 * 600);

Increasing this parameter from 10 to 100 minutes doesn't make sense in context of preventing auto-logouts, unless... there is a bug with session keep-alive procedure!

I'm currently researching this on 30+ MODxEvo installations on two different servers (PHP5.5.21/DSO+ruid2 and PHP5.4.36/FastCGI) and seeing this problem only on those with renamed /manager folder - session cookies are duplicated, with the problematic one having different path (/<manager_folder>/includes):

Wonderful research Eoler!

I have renamed manager-folder, so that would be the problem.. Is there any solutions for this, or do I have to rename manager-folder back to "manager"?