Prestashop Auto Log Out Issue

Some users may encounter an issue about auto logout from Presta admin.

To solve the issue of Presta Shop logging out your session all the time, we have reviewed the codes and here is the solution to it. This fix basically removes the IP checking that Presta Shop has, allowing you to fix the login problem.

Edit File: <presta shop folder>/classes/cookie.php

For Prestashop Version 1.3

Find the following line (Before) and edit the line of code, removing everything the second “AND” and everything after it. It should look like the After portion.

Before

if ($this->id_employee AND Validate::isUnsignedId($this->id_employee) AND Employee::checkPassword(intval($this->id_employee), $this->passwd) AND (!isset($this->_content[‘remote_addr’]) OR $this->_content[‘remote_addr’] == ip2long(Tools::getRemoteAddr())))


After

if ($this->id_employee AND Validate::isUnsignedId($this->id_employee) AND Employee::checkPassword(intval($this->id_employee), $this->passwd))


For Prestashop Version 1.4

Find the following portion of code, and add two slashes // in front of it so that it looks like the After portion.

Before

AND (!isset($this->_content[‘remote_addr’]) OR $this->_content[‘remote_addr’] == ip2long(Tools::getRemoteAddr()))

After
(You only need to add // in front of the line of code)

//AND (!isset($this->_content[‘remote_addr’]) OR $this->_content[‘remote_addr’] == ip2long(Tools::getRemoteAddr()))


For Prestashop Version 1.4.7 and above

You can login to Prestashop admin, click on Preference, set “Check IP on the cookie” to “No”

 

Explanation of Solution: Some ISPs (Internet Service Provider) actually have a cache/proxy/firewall (for security or speed acceleration) that may not represent the IP of the user accurately. So what exactly happens is that Presta Shop is more secure by tagging your login session (via an authentication cookie) with your IP address, and constantly checks for it whenever you’re in the admin panel. However, because of how certain ISPs are setup, this IP address may not match your true IP address, resulting in you being logged out.

Example (tested with Starhub, a Singapore ISP)

If you are a Starhub user and try to access the following websites, you will notice that both websites will show a different IP address. The first website shows you your real IP address, and the other website actually shows you your ISP’s cache/firewall/proxy’s IP address. This mis-match of IP addresses is what causes the auto log-out issue in Presta Shop.

http://www.whatismyipaddress.com shows you the real IP address
http://www.whatismyip.com/ shows you your proxy’s IP address (Note: Depending on your system, some users will not see an IP address from this website)

To secure your Presta Shop admin folder, do remember to use the Password Protect Directories feature on your admin folder. If you have a static Internet line, it is also a good idea to deny any other IP addresses other than your own IP address, using the .htaccess or using IP blocker.

(Visited 3,971 times, 1 visits today)

2 Comments

  1. vodien

    Hi Ed,

    For PS 1.6, you may login to Prestashop as an admin, click on Preference, and set “Check IP on the cookie” to “No”. This solution works for PS 1.47 & above.

    Hope this helps 🙂

Leave A Comment?