Where has my thread gone??

31. Posted by AndyF (Moderator 3082 posts) 4w Star this if you like it!

It's kicking me out every few hours now. Using Google Signin.

32. Posted by Sander (Moderator 6156 posts) 4w Star this if you like it!

My sessions still last longer than a couple of hours, but I've already had to log back in twice on my main machine since Peter posted - so I don't think this fix is quite there yet... (and very much not using Google for signing in).

[ Edit: Edited on 3 Apr 2025, 16:25 GMT by Sander ]

33. Posted by leics2 (Travel Guru 7289 posts) 4w Star this if you like it!

I had to log in first thing yesterday and I've just had to do so again (Windows+ Chrome on desktop). I don't log in via google. :-(

34. Posted by Peter (Admin 7337 posts) 4w Star this if you like it!

Well so much for that idea then.. back to the drawing board

35. Posted by Sander (Moderator 6156 posts) 4w Star this if you like it!

I think you did touch the right area of code, since the situation now is noticeably worse. :/

36. Posted by leics2 (Travel Guru 7289 posts) 3w Star this if you like it!

Still logged-in this morning. Yay! :-)

In case it's relevant, I usually visit at least twice a day when I'm at home.

37. Posted by BeateR (Full Member 396 posts) 3w Star this if you like it!

Again logged out

[ Edit: Edited on 5 Apr 2025, 11:51 GMT by BeateR ]

38. Posted by BeateR (Full Member 396 posts) 3w Star this if you like it!

And again, had to logg in. It is only frustrating.

39. Posted by Peter (Admin 7337 posts) 3w Star this if you like it!

Quoting Sander
I think you did touch the right area of code, since the situation now is noticeably worse. :/

Well that's just crazy. All I did was extend the expiry of the cookie from 1 day to 1 year when that checkbox is ticked.

40. Posted by Sander (Moderator 6156 posts) 3w Star this if you like it!

That makes me think this is indeed what's happening:

Quoting Sander
I'm starting to think there must be some kind of internal hash clash evicting us...

Just by virtue of there now being more people being logged in for longer.

Which cookie, btw? This makes me think cfid - but that basically means you're trying to keep the "session" alive for a year internally, which I'd indeed expect to overflow - rather than having people start a new session on a subsequent visit with some securely hashed authentication token.
Also, I see that my cftoken has the content of "0", which I thought that went together with cfid? *searches a bit* Yeah, that really shouldn't be 0! I think that's your cause right there... *searches more* ...or maybe not? I see that things like lucee do this deliberately now, in combination with having a non-sequential cfid, which indeed seems to be the case for you, too. ...okay - I guess I just don't know enough about the current setup to usefully contribute here.

[ Edit: Edited on 7 Apr 2025, 07:32 GMT by Sander ]

System Talk Threads