Are we talking about v10 or v11 here? IIRC v11 has a security level option in the Setup Wizard that influence the security settings, including this value - so maybe that's what you're seeing?
Not speaking for Adam but I will say for me, v10 has logged me out repeatedly of a confirmed / high security session for the admin / CNS zone after about 5 minutes. It got annoying so I disabled the Require confirmed session option for those zones. v11 does not seem to have this issue.
I was talking v10 and pretty much what Patrick said. Staff shouldn't be logged out after 5 mins inactivity and changing the value affects all users (afaik). Haven't looked at v11 since last year, had issues installing but maybe those are fixed now.
"Cannot write to comcode_safelist.txt. File permissions for it (or the directory it is in) have not been set correctly."
Quite a list of files that cannot be written to according to initial install checks, this happens on Step 5. v10 installs without issue on the same Bitnami Wampstack. I imagine you gents are running it from the repo.
Okay I tested on a v10 install. Default is 1 hour sessions. I completely shut down all tabs so AJAX couldn't keep my session alive and gave it about 20 minutes. I was still logged in.
What may be happening is your IP is changing, and you have the "Enforce IP addresses for sessions" option on. If you use Cloudflare that's likely, as Cloudflare's DNS TTL is 5 minutes, after which you may hit a different Cloudflare IP to proxy your website against.
v11 has automatically got a Cloudflare workaround in place that shows Composr your correct IP. On v10 it has to be manually configured.
Oh and if we did want a disparity in session lengths between usergroups, we'd actually want admins to have a shorter session (because session hijack for admins is a more serious risk than for a regular member).
My IP changes, but not that regularly. Do not have Enforce IP on. Not a cloudflare user. If I don't do anything within 5 mins I am logged out. Not a major issue, I've set backdoor_ip so I'm never logged out (unless my IP changes, but that's not a regular occurrence).
127.0.0.1 as expected for localhost, but this doesn't match the IP from my ISP. On live website the REMOTE_ADDR matches my actual IP.
When accessing this page (locally or live):-
Your server is failing to connect to itself through it's base URL, with an error code of “404”. Try setting the “Work-around IP forwarding” option. There can be other causes, such as your server blocking web requests to itself. If problems persist, contact your webhost.
Enable 1:-
Similar message but the error code is "".
Patrick said they could reproduce, but we tried on their server and could not.
Looking at the code I could only think of 4 things that would break this:
1) Some kind of browser extension/feature clicking the log out button secretly for you (I wouldn't put it past some web accelerator plugins, if you have one)
2) An unreliable persistent cache that is reverting to an older version of the sessions list. If you have the persistent cache enabled, you could try disabling it. $SITE_INFO['use_persistent_cache'] = '0'; in _config.php
3) IP address changing (which I know you say is not happening). If you are logged out you could see if the REMOTE_ADDR setting is different in phpinfo when you log back in.
4) Something like a browser extension messing with the session cookie in your browser, clearing it out.
"Cannot write to comcode_safelist.txt. File permissions for it (or the directory it is in) have not been set correctly."
Quite a list of files that cannot be written to according to initial install checks, this happens on Step 5. v10 installs without issue on the same Bitnami Wampstack. I imagine you gents are running it from the repo.
What may be happening is your IP is changing, and you have the "Enforce IP addresses for sessions" option on. If you use Cloudflare that's likely, as Cloudflare's DNS TTL is 5 minutes, after which you may hit a different Cloudflare IP to proxy your website against.
v11 has automatically got a Cloudflare workaround in place that shows Composr your correct IP. On v10 it has to be manually configured.
When accessing this page (locally or live):-
Your server is failing to connect to itself through it's base URL, with an error code of “404”. Try setting the “Work-around IP forwarding” option. There can be other causes, such as your server blocking web requests to itself. If problems persist, contact your webhost.
Enable 1:-
Similar message but the error code is "".
Looking at the code I could only think of 4 things that would break this:
1) Some kind of browser extension/feature clicking the log out button secretly for you (I wouldn't put it past some web accelerator plugins, if you have one)
2) An unreliable persistent cache that is reverting to an older version of the sessions list. If you have the persistent cache enabled, you could try disabling it. $SITE_INFO['use_persistent_cache'] = '0'; in _config.php
3) IP address changing (which I know you say is not happening). If you are logged out you could see if the REMOTE_ADDR setting is different in phpinfo when you log back in.
4) Something like a browser extension messing with the session cookie in your browser, clearing it out.