Drupal 7 logging users out automatically [#2829067]

My business uses D7 for the company page, and on numerous occasions when navigating between pages, the user session is terminated, and the session cookies are also deleted. We have to re-login on each occasion. It happens numerous times a day and the log does not indicate anything.

Problem similar to: https://www.drupal.org/node/641140

Comments

Comment #1

20 November 2016 at 02:42

tesmondh created an issue.

Comment #2

cilefen CreditAttribution: cilefen commented 20 November 2016 at 19:51

Please add to the issue summary a description of your hosting environment. I am unclear about what you mean by session cookies being deleted—cookies themselves are stored in client browsers. Are they all being deleted? What is happening in Drupal's session table?

Comment #3

tesmondh CreditAttribution: tesmondh commented 22 November 2016 at 01:31

Running CentOS 6 with a LAMP environment. After a period of time after logging in, I will navigate to another page and the session is terminated. So yes, the cookies in the client browser is be deleted. The log is as below:

user 11/19/2016 - 6:44pm Session opened for tesmondh. Tesmond H
user 11/19/2016 - 6:44pm Session closed for tesmondh. Tesmond H
user 11/19/2016 - 6:44pm Session opened for tesmondh. Tesmond H
user 11/19/2016 - 6:44pm Session closed for tesmondh. Tesmond H
user 11/19/2016 - 6:33pm Session opened for tesmondh. Tesmond H
user 11/19/2016 - 6:25pm Session opened for tesmondh. Tesmond H
user 11/19/2016 - 6:02pm Session opened for tesmondh. Tesmond H
user 11/19/2016 - 6:01pm Session closed for tesmondh. Tesmond H

At no point in time did I ever click the "logout" button.

Comment #4

mark_fullmer

he/him

English

Tucson

CreditAttribution: mark_fullmer as a volunteer and commented 22 November 2016 at 01:55

What are the PHP values in your settings.php file for session.gc_maxlifetime and session.cookie_lifetime? The default settings that ship with Drupal are below. Also check the server settings (e.g., phpinfo() or /admin/reports/status/php). Low (or nonexistent) settings for this could trigger the server session expiration.

/**
 * Set session lifetime (in seconds), i.e. the time from the user's last visit
 * to the active session may be deleted by the session garbage collector. When
 * a session is deleted, authenticated users are logged out, and the contents
 * of the user's $_SESSION variable is discarded.
 */
ini_set('session.gc_maxlifetime', 200000);

/**
 * Set session cookie lifetime (in seconds), i.e. the time from the session is
 * created to the cookie expires, i.e. when the browser is expected to discard
 * the cookie. The value 0 means "until the browser is closed".
 */
ini_set('session.cookie_lifetime', 2000000);

Comment #5

cilefen CreditAttribution: cilefen commented 22 November 2016 at 03:06

Adding to #4, did the problem begin with at a particular point in time where there was a software or a configuration change?

Comment #6

parthpandya24 CreditAttribution: parthpandya24 commented 23 November 2016 at 10:23

Which version of Drupal you are using?
If older one then update latest D7 core.

Comment #7

tesmondh CreditAttribution: tesmondh commented 24 November 2016 at 07:10

I am running the latest version of Drupal 7 (7.52). The session lifetime for both values are 200000.

We tend to notice the issue after access non-drupal pages on our site that use PHP's stream_context_create to send headers to a specific non-Drupal page to tell us whether or not the user is currently logged in, and if they are; what roles do they have. That page incorporates this code:

define('DRUPAL_ROOT', getcwd());
include_once('./includes/bootstrap.inc');
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
global $user;

The weird thing is it hasn't done it in the last several days, it's just sometimes. Not sure why.