[eluser]Unknown[/eluser]
I am having a problem with my site where many users are logged out automatically after some time on the site. I have also experienced the bug occasionally on my own computer while working, but at first it was difficult to replicate.
Now, I have found a possible source of the problem, and I am wondering if you think this is a feasible source of the error. My guess is that $config['sess_time_to_update'] is at fault.
I find that I can quickly recreate the logout bug by by lowering my sess_time_to_update variable from 120 to 2.
Code:
$config['sess_time_to_update'] = 2;
Using selenium, I am able to bombard my site with page refreshes and then check when the user gets logged out. When selenium is set to refresh the page as fast as it can and update time = 2, I am able to immediately replicate the logout bug (i.e. the session gets logged out). However, if selenium is set to refresh slowly, or if I just refresh by hand, it is more difficult to get logged out (but it still can eventually happen).
Is it possible that when the session is being updated, another call is being made to get the current session, and these two database calls are having a collision or made in such a way that it is logging the user out?
e.g.
1) session starts getting updated in database
2) site redirects, calls to see if user's cookie agrees with what's in the database ... it doesn't because it hasn't been updated yet
3) user gets assigned a new cookie as "not logged in"
Other ideas on the problem or how to fix it? For now, I have just increased my sess_time_to_update to 600. Thanks!