Site is signing-out after 1 page visit
Permalink
I've got a site that is signing out after the initial page - here are steps:
1. Sign-in at site.com/login
2. Successfully signs in, redir to home page, administrator edit bar IS present
3. Click to edit page
4. Refreshes with index.php?cID=1&ctask=check-out... querystring but is NOT signed in anymore
As an alternate, try going to site.com/dashboard so that redir is to dashboard in case it's a front-end/theme issue, steps are as follows:
1. Visit site.com/dashboard, redir to site.com/login
2. Successfully signs in, CAN see full dashboard
3. Click on any page within dashboard, signs out and says: "This user is inactive. Please contact us regarding this account."
I've checked DB and the user is definitely active (plus, why would it sign in first page anyways)
1. Sign-in at site.com/login
2. Successfully signs in, redir to home page, administrator edit bar IS present
3. Click to edit page
4. Refreshes with index.php?cID=1&ctask=check-out... querystring but is NOT signed in anymore
As an alternate, try going to site.com/dashboard so that redir is to dashboard in case it's a front-end/theme issue, steps are as follows:
1. Visit site.com/dashboard, redir to site.com/login
2. Successfully signs in, CAN see full dashboard
3. Click on any page within dashboard, signs out and says: "This user is inactive. Please contact us regarding this account."
I've checked DB and the user is definitely active (plus, why would it sign in first page anyways)
The difference was that this was related not to the IP address but rather to the User Agent, so modifying application/config/concrete.php to include:
... should work, but for some reason the headers must not have been being sent properly from Cloudflare. The site has been behind Cloudflare for a long time, so I don't know why this issue would all of a sudden pop-up, but I actually corrected this issue not with the solution above but rather by bypassing Cloudflare for the editing and dashboard features.
I should add, this solution above would be a workaround but it is less secure, as it does as suggests, disables validation of the session based on user agent, so use with caution if you do use.