Users being logged out

My users are being logged out after some time (30 minutes or so but I haven’t timed it) not actively using the site, even though I have the cookie set to expire in 60 days.

I have the Remember Me box set to a static value of 1


Any thoughts on what’s going on? It’s getting very frustrating for people. Thanks.

The default session duration of php is 24 minutes, so it sounds like the remember me is not getting set.

Confirm your remember value is being sent in the login post and that it is being applied to the login action.

Ok - well that makes sense on the timing. Good to know.

I think I have this setup right?

So have a look in the dev console to be sure the value is being sent with the login post-check the payload. You can also see the cookies being sent and received.

I’ve never used the option to set a domain, you might try removing that unless you specifically need it, if for nothing else then to narrow down where the problem lies.

I removed the domain and had another look at the cookies. It looks like two are being set for siteSecurity (what I’m using now) and one for security (which I thought I had deleted ages ago, and doesn’t show in Wappler).

There must be a file somewhere that still has these old values. Hmmm.

Found the security.php on the server so that solves that mystery. Also looks like only one siteSecurity is being set now so we’ll see how that goes.

Still the same.

@Teodor - any ideas? I’ve set my server session time to max but that doesn’t solve the problem entirely.

Sounds to me like you have your logout action set to autorun. That’s got me a few times.

Check your front end pages or template page to make sure your security restrict is applying across all the pages you want it to. That’s my two cents.

I don’t think I do but where would I check for this? Thx

It’s a SPA so only one page.

It is unchecked by default … so you need to check it.


Nope - that’s all good.

I see, Question then. What does your Routes and Page Routes looks like then? Because maybe you are going to have to set up some kinda scheduler work around to check for the security sessions on the index page or whatever route needs to be refresh to set the security provider.

I don’t do SPA website because of these same issues, but I am thinking aloud here.

I’m not using routes. I just have page sections that I show/hide based on a variable.

I see. So, I am assuming you are still having this issue then? If so, have you tried playing around with set cookies or session with a combination of onclick event to refresh the page at least once after each successful login. This way the security provider can set its session.

This one got me thinking because I do not do SPA website with security period.

Maybe link directly to the logout script instead of doing it through a server connect? You could create a route for it so it’s an easy URL and set a redirect when visited.