My site users are automatically logged out - Drupal 7

I have a problem with my Drupal 7 website. The users of the website are always logged out automatically. They need to refresh site until they get logged in again. How can I fix the issue?

tuckeranddale's picture

You need to configure settings.php correct

You need to configure the settings.php file in your Drupal installation correctly. First of all the base URL and the cookie domain needs to be set up. 

# $cookie_domain = '.example.com';

# $base_url = 'https://www.example.com';  // NO trailing slash!

Delete the # and insert your correct domain name. After this is done you need to have a look at the cookie lifetime settings:

Change ini_set('session.gc_maxlifetime', 200000); to ini_set('session.gc_maxlifetime', 0);

With this, you change the time period after a user's last visit. After this setup time period, the session garbage collector deletes the content of the user's $_SESSION variable. If you have problems with the automatical log out then maybe the set up for this time period did not take place correctly.  Set it to 0 means that the data in $_SESSION variable will not trigger the sessions garbage collector routine.

 

Don't forget to flush the Drupal cache and to delete the cookies in your browser. 

Vote the answer: 
2.5
Average: 2.5 (4 votes)
Codemaster's picture

I don't believe that this helps

I don't believe that this might help. If you set ini_set('session.gc_maxlifetime', 0); to 0 then this only means that the session garbage collector routine deletes the user's $_SESSION variable when the tab or the browser is closed. Anyway. This would only make sense if you also set ini_set('session.cookie_lifetime', 2000000); to ini_set('session.cookie_lifetime', 0); as this determines the  time period after a session cookie will expire finally.

 

Also if you set the cookie_maxlifetime to zero then authenticated users will be logged out after closing a tab or the browser. Normally webmasters should avoid this as it should be as easy as possible to sign in, log in, sign up. The process needs to be very easy.

 

I think the issue is caused by a caching system like varnish, which tries to cache also authenticated traffic on site.  The HTTP Headers are not sent correctly somehow. To fix this issue requires a deeper understanding of varnish and Drupal.

Vote the answer: 
3.666665
Average: 3.7 (3 votes)
The Code's picture

I don't know why but...

I set 

ini_set('session.gc_maxlifetime', 200000); to ini_set('session.gc_maxlifetime', 2000000); 

Addidional to this I modified the user/people/permissions/roles for authentificated users and checked use site in maintainance mode. I read some posts on this on the internet. I just tried it out. Normally this should not have anything to do with the problem but somehow my issue is solved. 

Vote the answer: 
1
Average: 1 (2 votes)
Codemaster's picture

This is nonsence

I really don't see that there is a connection between user maintenance settings and the logout issue. It would only make sense if you set the site under maintenance mode. In this case, users can still stay logged in and use the site if they already did before. This has nothing to do with the issue.

 

If you increase the sessions_maxlifetime more then this has also only the effect that the session cookie expires after a longer time period. This also does not solve the issue. 

 

I also see the problem sometimes happening at my Drupal 7 website. The strange thing is that this never happens with the admin user. It only happens if I log in a site with different users, log out, and log in with another user again. The good thing is that normal users don't log into the site with different accounts from the same browser. This normally only admins do for testing purposes.  Maybe the HTTP headers in browser cache cause the conflict. Also, varnish might be the problem.

Vote the answer: 
5
Average: 5 (2 votes)