Admin Keepalive Timer [Support Thread]

[mc12345678]

Trying to look into this, but a thread was begun identifying issues with this module (using latest) for an admin user that is not given superuser permissions while logged in to a ZC 1.5.4 site. Thread: https://www.zen-cart.com/showthread.php?t=217827

Admin Logs have repeated "attempted access to unauthorized page [keepalive] for legitimate admin user.
This admin user is not a 'superuser', ie: has restricted permissions.
SuperUser admin does not cause similar log entries.

Code:

notice
2015-07-21 06:29:06
199.xx.xx.xx
2 DailyAdminUser (not SuperUser)    
keepalive.php    
r=0.8515617775265127    
1        
Attempted access to unauthorized page [keepalive]. Redirected to DENIED page instead.    
Array
(
)

[apogeerockets]

I am getting the "We are unable to connect to the server. Your work may be lost....." alert. It's super annoying, so I disabled the "alert('<?php echo TEXT_KEEPALIVE_SERVER_UNREACHABLE_MESSAGE1;?>');" code to no ill effects.

I have noticed, though, that even when I click the "Yes, Keep Working" button, the header on the site continues to countdown, until it says "!!Expired Session" But It's not actually expired. Just the page's header says that. And the countdown isn't even consistent after clicking keep working, then navigate to another tab. It will hang out at like 181 2-3 seconds, 180 for even longer, sometimes flash the pages actual title, then continue counting down at normal speed once the tab is in focus. Once it says expired session, the next time the modal box pops up, it doesn't give the countdown, it says that the session expired and to login.

[frank18]

I am getting the "We are unable to connect to the server. Your work may be lost....." alert. It's super annoying, so I disabled the "alert('<?php echo TEXT_KEEPALIVE_SERVER_UNREACHABLE_MESSAGE1;?>');" code to no ill effects.

I have noticed, though, that even when I click the "Yes, Keep Working" button, the header on the site continues to countdown, until it says "!!Expired Session" But It's not actually expired. Just the page's header says that. And the countdown isn't even consistent after clicking keep working, then navigate to another tab. It will hang out at like 181 2-3 seconds, 180 for even longer, sometimes flash the pages actual title, then continue counting down at normal speed once the tab is in focus. Once it says expired session, the next time the modal box pops up, it doesn't give the countdown, it says that the session expired and to login.

Yes, this has been an issue for yonks and was first mentioned in this thread in Sept 2013.

I have several ZC 1.5.4 installs on my local dev server (PHP 5.5.9, Apache 2.4 etc, Ubuntu OS, etc) and it happens only on one site, the others are not giving me the error. I did core file comparisons left, right and center but can't pin-point the cause of this annoying error. All the core files in admin are the same in all sites.

Now I am thinking that there may be a clash with some other jscripts (from installed mods) which could produce that message..... so my next move will be to (temporarily) kick out all other non-core scripts from the admin/includes/javascript folder, test without them and add them back one by one. Tedious, but it may throw a light on this .... eventually.

[Kjell Aa]

I know this sounds like a dumb question, but wouldn't it be much simpler to allow the "Admin Session Time Out in Seconds" be set to infinite?

The Admin Keep Alive timer only tells you ever so often that you are going to be timed out, and if you don't respond soon enough you will get logged out.

I like to have the "who's online" page up just to pop in now and then to see if there's anyone there.

Kjell Aa

[frank18]

I know this sounds like a dumb question, but wouldn't it be much simpler to allow the "Admin Session Time Out in Seconds" be set to infinite?

You loose your PCI compliance.....

The Admin Keep Alive timer only tells you ever so often that you are going to be timed out, and if you don't respond soon enough you will get logged out.

I like to have the "who's online" page up just to pop in now and then to see if there's anyone there.

Kjell Aa

If you want that to happen then you only need to set "Updating Manually" (top right hand box) from the default "OFF" to 1 Min.

[Kjell Aa]

And why do I not want to loose my PCI compliance.
What is that?

Kjell

[frank18]

And why do I not want to loose my PCI compliance.
What is that?

Kjell

Worth reading: https://www.pcicomplianceguide.org/pci-faqs-2/

[DrByte]

I like to have the "who's online" page up just to pop in now and then to see if there's anyone there.

Kjell Aa

If you want to do that, it's fine, as long as you create a separate Admin profile with permissions to only that page, and then leave that admin user logged in someplace with a refresh every 15 min or less.
Just don't leave someone logged in to an admin ID that has permission to access all the other parts of your admin.

[Kjell Aa]

PCL Compliance.
As far as I can read it, this applies to webshops that stores or handles credit card data:
"if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply"

All I offer is PayPal, which does not pay me directly, and bank prepayment, which also do not pay anyting through my webshop.
In any case it seems to be a US requirement, I have never heard anything about this in Europe.


Secondly, why do I need to create a separate Admin profile to leave the admin page open?
My PC is not in any public place, and it will only be open when I am in front of my PC screen.

Third, where excactly do I put "Updating Manually" ?
Is it instead of the 900 Seconds of Admin Session Time Out in Seconds?
That doesn't work......

Kjell

[Kjell Aa]

Hi guys,

Can someone please help me here?
I want to stop this auto logout completely.
I just want to log on to my admin page, and then it should stay logged in until I log off.

Some "php for dummies" assistance would be much appreciated.

Kjell