Serious. Show-stopping problem! How do I keep from getting logged out?

If you stage the site on a different server, does the same thing happen? It could be an issue tied to your host, and not EE itself.

That may be a possibility. What I am looking for is the “correct” way to configure the server and the site so that this doesn’t happen.

Unfortunately, that might prove to be a wild goose chase.

I know I’ve had session timeout behavior on one server that is different than others, and rooting out something with that particular hosting company (and their support team) was usually part of the solution.

The correct setup should mainly be met by satisfying the ExpressionEngine server requirements and/or the ServerWizard.

From what Derek said, there is the server time, php time, EE time and computer time and they all need to be in sync - on the same timezone. So I have done that, but who knows what other gotchas are involved. Is it better to use sessions or cookies?

If these are all critical, it seems that it should be spelled out pretty clearly in the documentation.

They don’t all have to be on the same timezone, they just have to be correct. Like my laptop battery died and I hadn’t used it in forever. I tried to login, kept getting logged out. System clock was wrong, it thought it was like 3 months ago.

My laptop doesn’t have to have the same timezone setting as the server hosting my site, but it needs to be the correct time, not 3 months ago. If you set it for a different time, it’s going to act like it’s that time.

The docs don’t get into specifics too much because it’s generally pretty automatic. If the times are all correct, it works. Where you can run into a problem is if something is just way wrong. It’s a super, super rare issue in support.

I can’t remember- does this happen on different servers or do you know? And does it happen for different people on different ISPs? I’ve had cases where the office firewall was playing stupid games and causing problems- when someone used their phone or at home, no problems.

And you do need to watch for user error. Sometimes folks leave things sitting over lunch, come back, hit save, and don’t realize it’s already logged out.

As to sessions vs cookies, I personally like cookies with ‘remember me’. But it depends. If they’re logging in from shared computers, sessions are nice added security. And it’s certainly worth trying sessions only to see if they still run into the issues. It gives us a good data point doing that as well.

Thank you for the thoughtful and detailed response. This is helpful, but I am still not sure where the problem is happening. We produce a weekly blog at https://hobblecreek.us. The entries are fairly long and even though the draft is written in Word, it takes time to polish, add photos, review, etc. - usually at least an hour but often two to three. While an initial save once required fields are populated is always done early on, hitting the Save button on lengthy entries is a pain point because it collapses the Window and you have to expand the window and go back in to find your place (ditto, only worse on editing). Because the Control Panel should remain open while active, it is easy just to keep working with the content. This is when the problem happens - unannounced the Control Panel closes with the message: “The form has expired…” and the only option is to log in again. Under these circumstances it is not possible for an hour to lapse without activity. Hence the post. It would definitely be user error if we were walking away from an unsaved entry for lengthy periods.

Thinking that everything had to be pretty much in sync I changed the server time, php time and ExpressionEngine all to be on the same time zone. As far as I can tell, they along with the computer are all displaying the correct time. Also, there is generally only one person in the CP at a time, occasionally two, but never working on the same entry simultaneously. I will change it to Cookies and see if that helps, but for all intents and purposes I am doing the right things. I have been building EE sites since 2008, so I am not too much of a novice. Also, any thoughts on the versions issue? I have it set to save 10 versions, but the timing on the version saves appears to be a bit haphazard, saving 4 versions at the save time - all 40 minutes before the CP closes out. Are versions created only when you click Save, or is there an Auto-save built in?

I just want to avoid the wasting of 40 minutes of creative time with each lost entry and therefore am in pursuit of the CP settings gold standard that will protect the innocent. Any other insights you might have are welcome. Thank you!

Can you test something for me. Set sessions to cookie only and have them logout and when the log back in, select ‘remember me’. I want to see if they still end up getting logged out.

Also- the actual modal to log back in is being triggered- right? Without them submitting or anything? They’re just working on the entry and the modal to login appears?

As for versions- right, versions are only created when manually saved. But- there is an automatic autosave feature which should be happening behind the scenes and that should have a copy if it bails out before being manually saved. I’m going to go double check all is well there.

It appears that changing to Cookies only along with Keep me Logged in makes the difference. Thank you very much for your attention to this.