henryluiz Posted March 9, 2017 Share Posted March 9, 2017 Hi, Yep me....since i moved CC v4 to Centos v6.5 the login timeout for CCv4 users and admin has changed. Is there a way of disabling this timeout Appreciate your help on this unsupported version of CC4. I am working on migrating to CC v6 but my client requires extra time before this can happen. Quote Link to comment Share on other sites More sharing options...
bsmither Posted March 9, 2017 Share Posted March 9, 2017 According to what I see in the CC445 code, for the storefront, a session will last according to a setting in admin, General Settings, Styles and Misc group, Max Session Length. For admin, it seems the session should stay open until the browser is closed. Quote Link to comment Share on other sites More sharing options...
henryluiz Posted March 9, 2017 Author Share Posted March 9, 2017 thanks bsmither...it is set to 1209600......are u able to tell me if is left blank is the time out length disabled Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted March 9, 2017 Share Posted March 9, 2017 1209600 seconds is 14 days so way more than you should ever need, however you may need to check with your hosting how long sessions are stored as that can affect it as well. Quote Link to comment Share on other sites More sharing options...
bsmither Posted March 9, 2017 Share Posted March 9, 2017 The code seems to suggest that a cookie is set with the time being valid from now plus value. So, if blank, or zero, the cookie would expire the instant it was created. Quote Link to comment Share on other sites More sharing options...
henryluiz Posted March 9, 2017 Author Share Posted March 9, 2017 hi all, thank you for the reply. I do not need more than 18 days but my client complains it logs off within 5 minutes. I cannot simulate this problem so the only way is to disable it. I will set it to blank and see what happens Where would the hosting company control the timing of login sessions once again thank you for your help Quote Link to comment Share on other sites More sharing options...
bsmither Posted March 9, 2017 Share Posted March 9, 2017 PHP manages "sessions". There are settings that control the behavior of how long to keep the "session file" associated with the cookie that CubeCart and the visitor's browser keeps sending back and forth. Those settings are called "garbage collection" and they can be set on a per-application basis. Cubecart does this. However, with PHP, the server administrator can force these values and deny the application the ability to change it. I am not aware of any hosting provider that would do this. You say the session is lost after five minutes. It would help you to troubleshoot if you could monitor the cookie over that period of time. The cookie value is stored in the database, and is also associated with the PHP session file (which you may or may not have access to). Quote Link to comment Share on other sites More sharing options...
henryluiz Posted March 15, 2017 Author Share Posted March 15, 2017 Hi, i have full access to my hosting server. Looking at my php.ini the following are set session.gc_maxlifetime = 0 session.cookie_lifetime = 0 The site is still logging out in 3- minutes Also it is only happening to my CC v4. I have 2 other Cc v6 sites on the same host with no issues Appreciate your help Quote Link to comment Share on other sites More sharing options...
bsmither Posted March 15, 2017 Share Posted March 15, 2017 Somewhere in CC4's admin is Server Info. It will show the current PHP settings that CubeCart is running under. In the "Session" table, there is a 'local' and a 'master' value column. This PHP page explains what these values mean. I am going to say that CC4 does not change what is available from the Master column. I will also say that gc_maxlifetime at 0 is wrong. Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted March 15, 2017 Share Posted March 15, 2017 2 hours ago, bsmither said: I will also say that gc_maxlifetime at 0 is wrong. Agreed ! Quote Link to comment Share on other sites More sharing options...
henryluiz Posted March 15, 2017 Author Share Posted March 15, 2017 Hi, I have the attached in ccv4 sessions table....timestart timelast ...may be a clue, but I do not know what these values are...see attached an idea I also notice that something clears the entries in the sessions table. when this happens the user get log off Quote Link to comment Share on other sites More sharing options...
henryluiz Posted March 15, 2017 Author Share Posted March 15, 2017 (edited) I think it is controlled in the classes/session/cc_session.php file at function destroySession($sessionId) { ## removed to keep basket data $this->set_cc_cookie(CC_SESSION_NAME, '', time()-3600); $this->set_cc_cookie('username', '', time()-3600); $this->set_cc_cookie('password', '', time()-3600); $data["customer_id"] = '0'; $update = $this->db->update($this->glob['dbprefix']."CubeCart_sessions", $data,"sessId=".$this->db->mySQLSafe($GLOBALS[CC_SESSION_NAME])); return ($update) ? true : false; I do not know enough on coding. is there a way to disable the destroy session function cc_session.php Edited March 15, 2017 by henryluiz upload copy of sessions file Quote Link to comment Share on other sites More sharing options...
bsmither Posted March 15, 2017 Share Posted March 15, 2017 CubeCart destroys sessions when the customer or admin actually logs out. I would recommend against not being able to log out. The timeStart is when the session first logged in, and the timeLast is when the most recent page request was made. For every page request, CubeCart is supposed to send back the same cookie with a new expiration date/time that is for the customer according to that setting in admin, and for the admin, no expiration as the cookie is considered a "session" cookie (the browser keeps it alive until the browser is closed). Customer #255 has made their most recent page request 261 seconds.after logging in. When rows in the sessions table get deleted, CubeCart is clearing out obsolete entries. There is a function in cc_session.php, deleteOldSessions(), that takes the time duration set in admin, subtracts it from now to get some past date, then deletes all records where timeLast is less than that past date. Thus, having zero as that admin setting will cause quite a bit of confusing session behavior. Quote Link to comment Share on other sites More sharing options...
henryluiz Posted March 18, 2017 Author Share Posted March 18, 2017 okay that's done it.....I manage to convince my client to upgrade. I now need a developer that will be part of my journey to convert her customization cc4 to cc6. How would be the best way to find a developer? Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted March 18, 2017 Share Posted March 18, 2017 The best way forward would be to make a detailed list (if you dont already have it) of all customisation that was done and firstly determine whether your client actually still really needs each point ! You will be surprised at how much will be a standard part of CubeCart already, wont actually be required by the client any longer or will be provided by a plugin already written - check https://www.cubecart.com/extensions as a starting point although not all written plugins are listed here but a lot are. After that, if you have some functionality that your client absolutely needs and isnt already provided by a plugin do not be tempted to go down the quick fix route of modifying core code, there are several developers of plugins (including us) that might be interested in developing a plugin for your requirements Ian Quote Link to comment Share on other sites More sharing options...
henryluiz Posted March 18, 2017 Author Share Posted March 18, 2017 Hi Ian, Thanks for getting back to me I have documented the changes and will be asking the client for sign-off acceptance. ....what would be the best way to start communications......through the forum or another way Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted March 18, 2017 Share Posted March 18, 2017 6 minutes ago, henryluiz said: I have documented the changes and will be asking the client for sign-off acceptance. ....what would be the best way to start communications......through the forum or another way That is a great start - you can contact me via a PM on here or better still via our website https://www.havenswift-hosting.co.uk and look forward to hearing from you Ian Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.