
Registered Users Being Logged Out

Hello guys,

Long time no see. Hope to make this a quick one.

We've been relentless in updating our installation but recently had an error reported to us.

We were informed:

"Don't know why but for a few days I have problem logging in here. It only works when I reset my pass but next time, after logging out, I can't log in with that recently created pass so I have to create another one. Same thing using Chrome or FF and this forum is the only one I have this type of problem."

I've searched this and found quite a few results.

A few times it was apparently a core bug in Vanilla Forums release. A patch was then released to fix it. However I see in the discussions I've been able to find, there were still others having the problem (these were from 2014). One thing in common I see amongst these similar questions is there is no exact solution posted.

We are running the latest version of Vanilla Forums and just updated to the latest version of the Bootstrap theme.

Could anyone shed some light on what may be the issue with why users are being logged out like this?

Comments

  • I've discovered something weird happening.

    It's deceiving. I thought that it was logging you out (as do the registered users).

    HOWEVER, it's only on the main installation URL.

    Our installation is here: http://www.ourwebmedia.com/support/

    If I go to here: http://www.ourwebmedia.com/support/categories

    AFTER logging in it shows me as logged in.

    It seems to just be that initial main URL. Any thoughts on this?

    I've tried it with no modifications into this theme and another and still the issue happens.

  • Also confirming that I tested plugins too.

  • hgtonight ∞ · New Moderator

    Sorry you are having this issue.

    Mind linking to the links you found so I can look into it?

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • Are you using caching?

    Another cause for this could be that your forum is reachable through both the www- and no subdomain. For browsers, these are different websites and if someone clicks on a link to the other, it seems like they are logged out. You should generally redirect from one to the other.

  • hgtonight ∞ · New Moderator

    @Bleistivt said:

    Another cause for this could be that your forum is reachable through both the www- and no subdomain. For browsers, these are different websites and if someone clicks on a link to the other, it seems like they are logged out. You should generally redirect from one to the other.

    Are cookies tied to a subdomain by default?

    Because I thought they were only domain specific by default.

  • Bleistivt Moderator
    edited January 2015

    I guess that depends on what's set for Garden.Cookie.Domain

    If it is not set, it will be subdomain-only, according to this stackoverflow answer: http://stackoverflow.com/a/23086139

  • hgtonight ∞ · New Moderator

    @Bleistivt said:
    I guess that depends on what's set for Garden.Cookie.Domain

    If it is not set, it will be subdomain-only, according to this stackoverflow answer: http://stackoverflow.com/a/23086139

    So the trick is to set the domain with a leading . if you want cookies to work across subdomains.

  • Hi there,

    I am sorry about the delays responding. Thanks for all the already made replies and suggestions.

    @Bleistivt said:
    I guess that depends on what's set for Garden.Cookie.Domain

    If it is not set, it will be subdomain-only, according to this stackoverflow answer: http://stackoverflow.com/a/23086139

    I don't quite see how that would be the issue since it always worked before and we made no changes.

    It's the strangest thing. Quite literally we made no changes to the forums since late November I believe.

    This issue only started happening days ago.

    Which made me think perhaps it was due to a recent server change, and we reverted back, but it made no difference.

    About a week ago, we installed and set up on the server nginxcp, dso+mod_ruid2, and Zend Opcache.

    It was shortly after (a few days) that this error was noticed and so I thought perhaps they were related.

    I reverted back, enabling suPHP on the server and uninstalling nginxcp, dso+mod_ruid2, and Zend Opcache.

    We again tested as a logged-in user and were immediately redirected to the homepage and signed out.

    Yet if you go to certain areas of the installation, they load and you're shown as signed in, just not the homepage.

    The homepage being http://www.ourwebmedia.com/support/

    I am happy to provide login credentials as a user so it can be seen in action. Please private message me for those.

    @hgtonight said:
    Sorry you are having this issue.

    Mind linking to the links you found so I can look into it?

    Here's one that's similar:
    http://vanillaforums.com/discussion/3933/users-being-continuously-logged-out-today

    Another (pretty much identical to our issue):
    http://vanillaforums.org/discussion/18289/logged-out-after-log-in

    There are a few others I found late last night but I can't find them at the moment, sorry.

    As mentioned before, we did make server changes (nothing else) but those were reverted and retested.

    I've reviewed the files and it should theoretically be working (no modifications in relevant files).

    There were existing modifications (as we use it for a support forum, a license api is required).

    However that modification was applied a long time ago and has always worked up until recently.

    I'm absolutely baffled at what it could be. I've exhausted everything I can think up.

    Hopefully this sparks some theories or additional suggestions. Thanks guys again for the help so far!

  • Was hopeful of some additional insight on this.

    Anyone with some thoughts on what might be happening?

  • I know you haven't changed anything, but could you still try what I suggested with Garden.Cookie.Domain, or just 301 redirect from www to non www or the other way around? It's best practice anyway.

    If you create me an account and link me to the pages where people are getting signed out, I will take a look myself.
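
Added example (not part of any post in this thread, and not Vanilla's code): a minimal model of RFC 6265 cookie scoping, showing why a session cookie set on the www host is not sent to the bare domain unless a Domain attribute is set, which is the behaviour the replies about Garden.Cookie.Domain and the www/non-www redirect describe. The hostnames are constructed placeholders; public-suffix and IP-address handling are left out.

```python
# Added example: RFC 6265 cookie scoping for a forum reachable on two hostnames.
# Hostnames are constructed placeholders, not the site from the thread.

def parse_domain_attr(value):
    """RFC 6265 5.2.3: lowercase the Domain attribute and drop one leading dot."""
    if not value:
        return None
    value = value.strip().lower()
    return value[1:] if value.startswith(".") else value


def domain_match(request_host, cookie_domain):
    """RFC 6265 5.1.3: identical, or request_host ends with '.' + cookie_domain."""
    request_host = request_host.lower()
    return request_host == cookie_domain or request_host.endswith("." + cookie_domain)


def store_cookie(setting_host, domain_attr=None):
    """Return (domain, host_only) as a browser would store it, or None if rejected."""
    domain = parse_domain_attr(domain_attr)
    if domain is None:
        # No Domain attribute: the cookie is host-only, bound to the exact host.
        return (setting_host.lower(), True)
    if not domain_match(setting_host, domain):
        # A host may not set cookies for a domain it does not belong to.
        return None
    return (domain, False)


def is_sent(stored, request_host):
    """Would the stored cookie be attached to a request for request_host?"""
    if stored is None:
        return False
    domain, host_only = stored
    if host_only:
        return request_host.lower() == domain
    return domain_match(request_host, domain)


def session_visibility(setting_host, domain_attr, hosts):
    """Map each host to whether it receives the cookie set by setting_host."""
    stored = store_cookie(setting_host, domain_attr)
    return {h: is_sent(stored, h) for h in hosts}


HOSTS = ["www.forum.example", "forum.example", "cdn.forum.example"]  # constructed

if __name__ == "__main__":
    for attr in (None, ".forum.example", "forum.example", "other.example"):
        print(repr(attr), session_visibility("www.forum.example", attr, HOSTS))
```

Setting the Domain attribute makes the session cookie visible to every subdomain, including ones that do not run the forum, so redirecting everything to one canonical host keeps the cookie's scope narrower.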
