We are sorry but your session has expired

More
11 months 3 weeks ago #169073 by mariush
Hi,

We are getting a lot of complaints from users that when they try to complete a survey, the get the following error: We are sorry but your session has expired

Some of the users said they are getting this issue even when submitting the survey immediately after opening it, so it is definitely not a session timeout issue.

I've found a couple of other threads about the same topic, but none of them has a definitive answer.

Below is my server's phpinfo. I don't have permission to modify ini.php

Any assistance would be appreciated.

Thank you.

 

Please Log in or Create an account to join the conversation.

LimeSurvey Partners
More
More
11 months 3 weeks ago #169077 by mariush
Thank you for the reply.

I can't seem to find the Session lifetime (seconds): option in Global Settings. I am running LimeSurvey Version 3.7.2+180508

Is there another way to set the session lifetime?

Just to clarify, the users get an issue even when they immediately complete the survey (e.g. 3 seconds from opening the survey to submitting it).

Other users are able to take a few minutes to complete the survey without issues.

Please Log in or Create an account to join the conversation.

More
11 months 3 weeks ago #169078 by LouisGac
manual.limesurvey.org/Global_settings

"Session lifetime (seconds) (only available with database sessions): Defines the time in seconds after which a survey session expires (provided there is no action from the participant). When using regular, file-based sessions, it is up to the system administrator to define the right values for 'session.gc_maxlifetime', 'session.save_path', etc., in the PHP configuration. Not only the web server settings but also the other similar settings of other applications may overwrite the setting for file-based sessions when editing it locally via the application. The maximum value that can be introduced is 65000 (seconds). It is recommendable to use a reasonable value. Bear in mind that, when using database sessions, check whether the MySQL setting called max_allowed_packet is set to a large value because some surveys generate over 2 MB of session data"

Please Log in or Create an account to join the conversation.

More
11 months 3 weeks ago #169080 by mariush
That option is not available for me. I'm guessing I'm not using database sessions.

Will moving to database sessions make any difference?

Please Log in or Create an account to join the conversation.

More
9 months 4 weeks ago #171546 by mfreund
I'm getting similar reports from my users. Like mariush, I do not see a setting for session lifetime in Global Settings/General.

In addition, even though I have token-based response persistence active, they are reporting that when they reload the survey it does not bring up their prior responses and they need to begin again from the beginning.

Any help with this would be welcome!

Please Log in or Create an account to join the conversation.

More
5 months 1 week ago #178145 by ccoupeau
Hello,
Hello,

Since me last version update (3.15.4) I have the same problem.

Did you find a solution that helped you solve the problem?

Thank You.
Charles.

Please Log in or Create an account to join the conversation.

More
1 month 1 week ago #183180 by voteref
Hello,

I'm currently using version 3.17.1, and had the same "session expired" problem, plus other strange symptoms such as a login impossibility, and I finally solved it.

It turned out to be a cookie problem. By default, limesurvey uses the classical "PHPSESSID" cookie name to store the session info. Someone else in my non-profit organization, working on another website located in the same higher-level domain name (let's call it "example.org") had a "brilliant" idea: he decided to share the session state among several websites (let's say " www.example.org ", "forums.example.org", etc.), and decided to use the PHPSESSID cookie name, but associated with the "umbrella" domain "example.org"...

So, someone who has previously visited one of those websites, and who then comes to the limesurvey site (whose name could be "limesurvey.example.org") gets 2 "PHPSESSID" cookies in their browser: one associated with the "example.org" domain, and one associated with the "limesurvey.example.org" domain.

RFC6265 ( tools.ietf.org/html/rfc6265 ) states, in §4.2.2:

Although cookies are serialized linearly in the Cookie header,
servers SHOULD NOT rely upon the serialization order. In particular,
if the Cookie header contains two cookies with the same name (e.g.,
that were set with different Path or Domain attributes), servers
SHOULD NOT rely upon the order in which these cookies appear in the
header.


It looks like Limesurvey depends on this order, and in that way, is not compliant with RFC6265.

The workaround I used consists in changing the name of the session cookie in Limesurvey. This can easily be done in "config.php" by adding this code snippet:

'session' => array (
                        'sessionName' => "MyOwnPrivateCookieName",
                        ),

That way, everything runs fine again, but I think Limesurvey should address that problem. Unfortunately, my competencies in PHP are such that I cannot propose a patch for that, sorry.

Regards,

Bruno
The following user(s) said Thank You: tpartner, cdorin

Please Log in or Create an account to join the conversation.

More
1 month 1 week ago #183186 by holch
If you think it is an issue that should be addressed (a bug of some sort) please file a bug report. Otherwise this will not be fixed. The developers do not check every post in the forum. So if you feel that something is wrong and needs to be fixed, please report it.

I'm not a LimeSurvey GmbH member. I answer at the LimeSurvey forum in my spare time. No support via private message.
Some helpful links: Manual (EN) | Question Types | Workarounds
The following user(s) said Thank You: voteref

Please Log in or Create an account to join the conversation.

More
1 month 1 week ago - 1 month 1 week ago #183192 by voteref
Thanks, I just wanted to answer here first, as the topic was the infamous "session expired" problem, which seems to happen from time to time without any explanation being found, but it was my intention to file a bug report as well. I just didn't have time to do it at the end of the afternoon (French time), but I'm going to do it right away.

Regards,

Bruno
Last edit: 1 month 1 week ago by voteref.
The following user(s) said Thank You: tpartner

Please Log in or Create an account to join the conversation.

More
1 month 1 week ago - 1 month 1 week ago #183217 by tpartner

...it was my intention to file a bug report...

Thanks, and please give a link here so we can follow the bug.

Cheers,
Tony Partner

Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.
Official LimeSurvey Partner - partnersurveys.com
Last edit: 1 month 1 week ago by tpartner.

Please Log in or Create an account to join the conversation.

More
1 month 1 week ago #183220 by voteref
Hello!

Here you are: bugs.limesurvey.org/view.php?id=14766

Regards,

Bruno
The following user(s) said Thank You: tpartner, cdorin

Please Log in or Create an account to join the conversation.

More
1 month 1 week ago #183231 by cdorin
Told the devs about it. They will reply you in the bugs tracker. Thanks for reporting it!

Please Log in or Create an account to join the conversation.

More
1 month 1 week ago #183245 by jelo

holch wrote: The developers do not check every post in the forum.

That's why it makes no longer sense to post here first. First open a bugticket and than a forum post ;-) Saves time and indicated issues around GUI/understanding if the bugticket was just a misunderstanding.

The issue around the default sessionname is known for years. It was seen as the job of the webmaster to setup names. Many php applications are generating session names to prevent issues around multi-installations / shared webhosting. It's one more bulletpoint on the checklist to use LimeSurvey productive (like deactivate AJAXmode etc.)

www.limesurvey.org/forum/development/113...-default-sessionname

It might will be changed in this effort: bugs.limesurvey.org/view.php?id=14621#c51047

The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users

Please Log in or Create an account to join the conversation.

More
1 month 1 week ago #183249 by DenisChenu
I make a pull request (when ready) for new install (in 4.0) : bugs.limesurvey.org/view.php?id=14772

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand .
An error happen ? Before make a new topic : remind the Debug mode .

Please Log in or Create an account to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now
Join our Newsletter!