Users being logged out too frequently

Hi,

I’m just wondering what the conditions are for a user being logged out and their sessionToken expiring?

Here is my login flow:

  1. get saved sessionToken from last successful login
  2. coronium:setSessionToken ( sessionToken )
  3. coronium:getMe ()
  • if I get the user’s objectId then I start the app without having them login
  • if I don’t get the objectId then I prompt them to enter their credentials and login

Is there anything suspect about this flow? Can I do anything to prevent sessions expiring so often?

Many thanks,

Andrzej on Coronium AWS 1.93.1

Take a look at mod_users in the coronium/lib folder. There is a function “t.addSession( userId, secondsToExpire )”. It appears that secondsToExpire was not implemented and is defaulted to 60. That could be your issue. Wish I was more help but I implemented my own user handler and do not use the baked in module. 

Code for reference:

--SESSIONs function t.addSession( userId, secondsToExpire ) t.clearSession( userId ) local secondsToExpire = secondsToExpire or 60 local token = crypto.hash( tostring( ngx.now() ) .. userId ) local data\_table = {} data\_table.token = token data\_table.userid = userId local d = {} d["$currentDate"] = { updated = { ["$type"] = "date" } } d["$set"] = data\_table local answer = coronium.mongo:update( "\_users", "session", { userid = userId, token = token }, d, 1 ) if not answer.error then return coronium.success( { sessionToken = token } ) else return coronium.error( answer.error ) end end

Hi Steven,

Many thanks for your reply :slight_smile:

I’m looking at the server via FileZilla but can’t see any /lib folder under /coronium , or seem to find  mod_users anywhere else. Am I looking in the right place, and am I correct in assuming when I do find the file I can simply edit that default value?

Cheers,

Andrzej

Sorry, this is a core file so it will be located at “/usr/local/coronium/lib”. You will probably want to SSH vs FTP to get to this file. Also again keep in mind I would not change this one directly but rather create my own version in “/home/coronium/lua/_modules/”. 

Hi Steven,

Thanks for your reply which helped me find all the modules and gain a greater understanding of how Coronium works! Looking at the code I can’t see anywhere where secondsToExpire is used or the session time limit is enforced in any way. Do you have any suggestions as to how I might proceed?

I’m also suffering from an issue where getObjects is not returning the full set of objects. I wonder if something fundamental has gone wrong somewhere?

Many thanks,

Andrzej

Take a look at mod_users in the coronium/lib folder. There is a function “t.addSession( userId, secondsToExpire )”. It appears that secondsToExpire was not implemented and is defaulted to 60. That could be your issue. Wish I was more help but I implemented my own user handler and do not use the baked in module. 

Code for reference:

--SESSIONs function t.addSession( userId, secondsToExpire ) t.clearSession( userId ) local secondsToExpire = secondsToExpire or 60 local token = crypto.hash( tostring( ngx.now() ) .. userId ) local data\_table = {} data\_table.token = token data\_table.userid = userId local d = {} d["$currentDate"] = { updated = { ["$type"] = "date" } } d["$set"] = data\_table local answer = coronium.mongo:update( "\_users", "session", { userid = userId, token = token }, d, 1 ) if not answer.error then return coronium.success( { sessionToken = token } ) else return coronium.error( answer.error ) end end

Hi Steven,

Many thanks for your reply :slight_smile:

I’m looking at the server via FileZilla but can’t see any /lib folder under /coronium , or seem to find  mod_users anywhere else. Am I looking in the right place, and am I correct in assuming when I do find the file I can simply edit that default value?

Cheers,

Andrzej

Sorry, this is a core file so it will be located at “/usr/local/coronium/lib”. You will probably want to SSH vs FTP to get to this file. Also again keep in mind I would not change this one directly but rather create my own version in “/home/coronium/lua/_modules/”. 

Hi Steven,

Thanks for your reply which helped me find all the modules and gain a greater understanding of how Coronium works! Looking at the code I can’t see anywhere where secondsToExpire is used or the session time limit is enforced in any way. Do you have any suggestions as to how I might proceed?

I’m also suffering from an issue where getObjects is not returning the full set of objects. I wonder if something fundamental has gone wrong somewhere?

Many thanks,

Andrzej