Panel keep login out

Using Kirby 2.4.1, my users are log out from the panel in various random circumstances. It could happen when saving a page or when going back to the dashboard, sometimes even at login.
When that happened, the dev console briefly show a:
SyntaxError: Unexpected token <

I’ve seem a topic about it, but I did not get what the solution was, except editing some files in the Kirby core, which is clearly not a solution.

Thanks for your help

Just to say that I have similar issues on my local dev install.

Linux Ubuntu
Caddy Server + php7

I’m going to test on VPS with some different web server environments (Apache + nginx reverse proxy and nginx allone) and will tell you if random logout append.

Same here. I can login but after I click on any link, it logs me out back to the panel login page. I have made no changes to any files. I have even re-uploaded the PANEL and KIRBY folders with no success.

I have removed all plugins to see if there were any issues here but nothing.

I have even checked all with htaaccess to see if any issues there but can’t find any.

Have you tried to use a custom session fingerprint like suggested in that post quoted above:


s::$fingerprint = function() {
  return 'some fingerprint';

I’ve done a quick test and it seem this function solve the panel logout.
Can you elaborate about what this function is about and when to use it or not?
I’m not familiar with “fingerprint” session.

I think the purpose of the session fingerprint is to identify the session and is thus a security feature. But it seems that the Kirby fingerprint, which is IP or user agent based, can cause issues in some environments, where those parameters might change.

I wonder if the problem is solved for the two users above too.

Sorry but I don’t know what is a custom session fingerprint?

How I’m suppose to use this piece of code? just copy/past it in the config file?
Do I need to replace ‘some fingerprint’ by something else?

And do I need to get the code from the develop branch of the toolkit?

I would be grateful for some explanations :slight_smile:

Personally, I’ve just pasted this function “as in” in the config file.
I guess the 'some fingerprint" value in return is just a dummy one to return something, instead of a null value that caused the logout we’ve experienced.
But I’m no expert there.

This is the fingerprint method:

public static function fingerprint() {

    // custom fingerprint callback
    if(is_callable(static::$fingerprint)) {
      return call(static::$fingerprint);

    if(!r::cli()) {
      return sha1(Visitor::ua() . (ip2long($_SERVER['REMOTE_ADDR']) & ip2long('')));      
    } else {
      return '';

So, if no custom fingerprint is used, the fingerprint is created like this:

 return sha1(Visitor::ua() . (ip2long($_SERVER['REMOTE_ADDR']) & ip2long('')));  

In your custom fingerprint, you can do whatever you want, return a string or return only parts of the above, e.g.

return sha1(Visitor::ua());

or whatever works for you.

Thank you both for your answer, I’m a little bit less ignorant now :wink: