Staff session timeout

trbn

Hey,

I have a problem with the "staff_session_timeout"! My aim is to disable the timeout.

It has the value "0", but after some time the session still breaks and you have to login again and I don't know why.

I looked in the database (phpmyadmin) and found in "ost_config" table the field "staff_session_timeout". The value is also "0".

How is it possible that my session will not break?

I hope that someone can help me.

Thanks,

Torben

Katanshin

For what it's worth I've noticed that if you are checking tickets using the web interface on the same browser, but in a different window or tab say, then logging out of the ticket checking bit also logs you out of the admin console.

Not sure if that helps

trbn

Hey,

thank you for your reply, but this has nothing to do with my problem. You can switch all the time between different tabs and windows. If you are inactive for a while, you will be logged out automaticly. It's like the staff session timeout is still active, while it's disabled in admin panel...

Greetings,

Torben

Katanshin

Ah, I see...

Have you got any other browsers to test it out on? Like Opera, Chrome, etc. It'll help you make certain it's a server side issue that way.

If it is I'd first look at the server config, i.e. php etc - I've not seen that problem myself so if we're using the same code on diff servers then I think that's where I'd first check, i.e. default session expiry times etc.

trbn

I think it has nothing to do with the browsers. It happens with the IE and the FireFox. I think there is something wrong in the code, but I don't know where.

I looked at the class.preferences.php and the class.usersession.php, but everything seems to be right...:(

And as I wrote...I looked also at phpmyadmin and the values are standard...

masino_sinaga

Did you mean preference.inc.php instead of class.preferences.php ? ;)

Anyway, I have tested by disabling this feature, and it worked like a charm. The session never break.

However, if your problem is still continuing, you can disable by editing this following code in \scp\staff.inc.php file:

staffLoginPage($msg);

exit;

become:

//staffLoginPage($msg);

//exit;

I knew that this is not recommended as this will avoid any staff_session_timeout related to that function/code, but this is the last alternative for you if the problem still continues at yours. :

Sincerely,

Masino Sinaga

trbn

Hey,

I know that it is not recommended, but it doesn't matter for me.

Anyway, it doesn't work at all. Could it be that there is another code in another file, which stops the session?

Greetings,

Torben

trbn

Sorry for pushing, but this problem is really annoying!

Is it possible to delete everything in the code that it will work without logging out?

Greetings,

Torben

masino_sinaga

Torben,

The code I mentioned to you that day worked properly at mine. My session never break after I implement that modification code. It is weird that yours did not.

Sincerely,

Masino Sinaga

peter

Sorry for pushing, but this problem is really annoying!
Is it possible to delete everything in the code that it will work without logging out?
Greetings,
Torben

Your problem might be with PHP session setting as opposed to osTicket. Make sure the max life time in php.ini is set to a large value (session.gc_maxlifetime).

trbn

Hm..

I tested it with different values. For testing it I put the value from 1440 (standard, 24minutes) to 60 (1 minute). I restarted the apache, but there was no change. The sission didn't break after 1 minute, didn't break after 2 minutes and didn't break after 5 minutes.

I know that this is really weird, but I have no clue how to find a solution...that's so bad..:(

Greetings and thanks for the support,

Torben

ticket_tester

Please comment on my session timeout solution

Hi All

Please comment on my solution that is a spin off of what I've read at

http://osticket.com/forums/project.php?issueid=174#note807(http://osticket.com/forums/project.php?issueid=174#note807).

Here is the .htaccess file in my installation looks like in the root of my osticket installation.

php_flag short_open_tag on

php_value session.gc_maxlifetime "10800"

php_value session.save_path "/var/www/osticket_session"

I set the session.gc_maxlifetime to 3 hours and change the save path to

php_value session.save_path "/var/www/osticket_session"

I created the directory /var/www/osticket_session

To make this safer

chmod 733 /var/www/osticket_session

chmod +t /var/www/osticket_session

So you end up with

drwx-wx-wt osticket_session

Maybe I should move this folder outside /var/www/??

What do you think?? It appears to be secure to me.

I don't have any websites that run straight from the www folder they are all in other folders.

I started investigating this after seeing how php protects it's default session folder. /var/lib/php5

I read about chmod +t at http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html(http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html)

Here's what I read, the author had just created a folder and chmod 777 on it:

Everyone can read, write, and access the directory. The "t'' indicates that only the user(and root, of course) that created a file in this directory can delete that file.

To set the sticky bit in a directory, do the following:

chmod +t data

scottro

Hi All
Please comment on my solution that is a spin off of what I've read at
http://osticket.com/forums/project.php?issueid=174#note807(http://osticket.com/forums/project.php?issueid=174#note807).
Here is the .htaccess file in my installation looks like in the root of my osticket installation.
php_flag short_open_tag on
php_value session.gc_maxlifetime "10800"
php_value session.save_path "/var/www/osticket_session"
I set the session.gc_maxlifetime to 3 hours and change the save path to
php_value session.save_path "/var/www/osticket_session"
I created the directory /var/www/osticket_session
To make this safer
chmod 733 /var/www/osticket_session
chmod +t /var/www/osticket_session
So you end up with
drwx-wx-wt osticket_session
Maybe I should move this folder outside /var/www/??
What do you think?? It appears to be secure to me.
I don't have any websites that run straight from the www folder they are all in other folders.
I started investigating this after seeing how php protects it's default session folder. /var/lib/php5
I read about chmod +t at http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html(http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html)
Here's what I read, the author had just created a folder and chmod 777 on it:
Everyone can read, write, and access the directory. The "t'' indicates that only the user(and root, of course) that created a file in this directory can delete that file.
To set the sticky bit in a directory, do the following:
chmod +t data

I have tried all of this but am still having the same issue. Sometimes I'm logged in for 30 seconds sometimes I'm logged in for 26 hours. I really don't understand wth is happening :(

scottro

I've implemented the following code as per another thread and I believe thats the key. I noticed that this same code is present already in 1.6ST (I'm on 1.6RC5).

scp/staff.inc.php

$thisuser->refreshSession();