we randomly see users being logged out from the panel over and over again. The situation seems to be as follows:
- 6-10 editors are logged into the panel
- the work on different pages
- after doing “some” actions they got thrown out (no matter wich action, it may be editing a page, adding a block, uploading an image, we saw everything already)
- other users remain logged in with no issue during the whole session
- sometimes the users being thrown out even cannot log in again, saying the credentials are wrong
Could you imagine why this could happen? All users work on ipads with newest iOS installed. Kirby version 22.214.171.124, php 7.4.
Any help is appreciated, Thanks, Thomas E.-E.
To be honest, this sounds rather strange. Is this what users tell you or have you been able to reproduce this yourself with them directly?
And it would be really good to know if there are any errors in the browser console if a user gets thrown out of the Panel like you describe. Do you have any insights?
Yes, it sounds strange, but I have had this problem occasionally in the past as well locally, and as far as I can remember, this also happened to other users.
That the credentials changed? I have seen not being able to login because of an still active session file that did not match - but actually altered credentials (password, email) would be a serious problem.
No, I don’t think that the credentials are mysteriously modified. Rather a session problem. Maybe similar to the logout, multiple tabs open or so.
the credentials didn’t change … but sometimes the user isn’t able to simply login again as kirby says “wrong credentials”. I think “wrong credentials” is the standard error being thrown also when one of the login limits (too many attempts and alike) counts in.
Wondering if it’s this issue Session: Allow clearing the session on the "Session is currently read-only" error · Issue #3263 · getkirby/kirby · GitHub - or rather if this would be the solution. But if our normal error message for this problem is “wrong credentials” that would indeed be misleading. Maybe @lukasbestle has a better overview.
as the users has many open tabs (to preview their pages) there are usually many open tabs and some of them might not be visited through their session again.
Also non of the session have the “remember me” checkbox checked as we had hidden it to prevent too long sessions. This is because the ipads are just for temporary use and not their own ones. So might it be that a user is being thrown out on one of the tabs not being used for some time?
We had such issues before, e.g. Random logouts while using the Panel · Issue #3981 · getkirby/kirby · GitHub.
I recommend to update to Kirby 3.7.2 or newer. We fixed a lot of cache, login and session related bugs in 3.7.0-3.7.2. It is very likely that the random logouts are caused by caches that prevent Kirby from updating the session cookie in the user’s browser.
will do (3.7.5) and let you know, thanks!