SMF 2.0.17 - "Forever" logins expire after 24 hours after upgrade from 2.0.15

[wnff_chief]

Upgraded my site from 2.0.15 to 2.0.16 and then to 2.0.17 last week via package manager and ever since then logins are expiring after 24 hours, even when "Forever" login is chosen.  Any assistance is appreciated!

[Kindred]

Try Changing the cookie name. This will cause everyone to require a new login, but might resolve the issue going forward

[wnff_chief]

Try Changing the cookie name. This will cause everyone to require a new login, but might resolve the issue going forward

Will try that now and report back tomorrow, thanks!

[wnff_chief]

Try Changing the cookie name. This will cause everyone to require a new login, but might resolve the issue going forward

Didn't work unfortunately.  Seems like the cookie/session is expiring at some specific time because it hasn't actually been 24 hours since i logged in.  Others report having to log in again this morning.

[Kindred]

URL?

mods installed?

[wnff_chief]

URL?

mods installed?

https://www.wnff.net/

mods:
Ignore User Button 1.0
SMF Multi Quote 1.1.3
Inline Hover Spoiler 1.5
Remove images from quotes    1.4
Print-Page Permission    1.0.1
Started By Column    1.4
View Single Post    2.0.9
Remove Reply Prefix    1.0
Simple Audio Video Embedder    4.0.2

and every SMF update package from 2.0.6 through 2.0.17

[Sir Osis of Liver]

Which theme are you using?

[drewactual]

did your upgrade coincide or result as a server upgrade of php?

IF you are running a newer version of PHP, there are some pretty decent opportunities for this to happen... it could be the GC_probability setting, or the session time out- or... several other things at the server level... if you're using memcached or something other than files, that could impact this too...

[wnff_chief]

Which theme are you using?

It's a customized copy of the Core theme (just replaced graphical assets)

did your upgrade coincide or result as a server upgrade of php?

IF you are running a newer version of PHP, there are some pretty decent opportunities for this to happen... it could be the GC_probability setting, or the session time out- or... several other things at the server level... if you're using memcached or something other than files, that could impact this too...

PHP 5.4 and last update was May 5th, so I don't believe that's the issue (unless it's specifically related to the SMF updates and older versions of PHP).  SMF 2.0.16 and 2.0.17 updates were installed last week and the issue began immediately for me.  Took a few days for users to begin reporting it but I believe they were impacted immediately as well.

[Kindred]

yes. IIRC, With 2.0.16, I believe users were required to log in again, because of a change to the security....   however, that should have resolved itself after one login.

However, since you are using the Core theme.... I bet that's your problem.  You did not apply the patch updates into the core theme files....

[Illori]

https://wiki.simplemachines.org/smf/Login_error_2.0.14

make sure the above is applied to your theme.

[Arantor]

How many more of you are going to ask a question that 1) you could have verified the answer for yourself, 2) could have noted that wasn't relevant after 2.0.16 included the generic all-theme fix and 3) doesn't actually fit the symptoms anyway? (the 2.0.14 login prevents login entirely when it manifests, not merely preserves it for 24 hours)

[live627]

I added a warning box to the linked wiki page.

[Arantor]

Very sensible.

[Sir Osis of Liver]

3) doesn't actually fit the symptoms anyway? (the 2.0.14 login prevents login entirely when it manifests, not merely preserves it for 24 hours)

^ This.  I actually posted a reply about login session check just before going out, then realized was answering the wrong question and deleted it.  I've seen this before, but don't remember what caused it.  Will have to dig through my notes.

[shawnb61]

SOoL:  Yeah, this reminds me of a weird one of yours...  Was this the one where changing the default cookie expiration length made it start working???  Made no sense, but you said it worked???

[Sir Osis of Liver]

Can't remember which forum it was.  Sadly, I have over 3 million files on my computer, and my memory is shot, so it's not easy to find anything.  On my own forums and a number of client forums, I've removed the cookielength option and hard coded it to -1 in header login and login template, but don't know if that would fix OP's problem.

That's odd, theme isn't Core, looks like modded Curve, but copyright shows SMF 2.0, should be 2.0.17.  Did .16 & .17 upgrades install without errors?

[wnff_chief]

That's odd, theme isn't Core, looks like modded Curve, but copyright shows SMF 2.0, should be 2.0.17.  Did .16 & .17 upgrades install without errors?

Apologies, I was mistaken.  2.0 Curve is what I adapted my theme from.  And yes .16 and .17 installed without errors once I relaxed my file permissions.

[wnff_chief]

Tried rolling back to 2.0.16 since neither of the issues addressed in 2.0.17 impact my current configuration.  Problem still persists.  Any suggestions are appreciated!

EDIT - possible clue - the cookie name somehow got returned to the old/original name that was used before all this began.  Or I'm going crazy.  Just changed it again to be sure and will report back tomorrow (both on whether it helped and whether I'm going crazy )

[Sir Osis of Liver]

What happens if you revert to 2.0.15?

[drewactual]

I would suggest your host did something, but a host still running php5.4 is likely doing..... nothing...

So... i ask you... are you using OPCache?  Perhaps some aged php files are hanging on and need to be refreshed?

[wnff_chief]

What happens if you revert to 2.0.15?

I'll give it a shot tonight.

I would suggest your host did something, but a host still running php5.4 is likely doing..... nothing...

So... i ask you... are you using OPCache?  Perhaps some aged php files are hanging on and need to be refreshed?

It's a VPS so the shame lies with me.  Opcache = yes.  I restart nginx and php-fpm periodically and have done so manually a few times while troubleshooting this issue.

Code Select Expand


php-common.x86_64                                                                       5.4.16-48.el7
php-fpm.x86_64                                                                          5.4.16-48.el7


and other packages with the same version (gd, mysql, pecl-zendopcache, etc.)

[wnff_chief]

Reverting to 2.0.15 "fixed" the 24 hour login issue.  Confirmed by users as well.

So what's going on that 2.0.16 is breaking it? 

[Sir Osis of Liver]

AFAIK that's never been reported.  I would upload a clean set of 2.0.17 files, see if it fixes the problem, then reinstall mods with current versions.  I'm betting it's a mod glitch.

[shawnb61]

Or a theme glitch...  I can't find the thread, but we have seen the theme fix applied multiple times, causing funky behavior (multiple "hidden="s on the same line...).  There are a couple ways this can happen.  I would audit the hidden= fix to ensure it was proper. 

I'd also confirm $auth_secret in Settings.php looked valid (almost any value will do...).  We've seen strange behavior caused by that entry being malformed in some way, e.g., "$auth_secret ="...

If nothing else worked, I'd try adding to Settings.php:

Code Select Expand

$cookie_no_auth_secret = true;

If that worked, there is something else going on, e.g., SSI or a mod or an integration, that needs a look...