admin getting logged out.

[avi7611]

i made a admin user, but when trying to edit a preexisting challenge or trying to go into admin section after 1-2 minutes, i'm being redirected to home page, and getting logged out when i try to save changes, any idea what could be messed up ?
i have no unusual activities in my apache logs.
ps:- Tried to remove all users and they created new admin user, problem was solved but again its same now after 3-4 time logging in.

[Nakiami]

Have you checked the admin exceptions log? If you can't access through the UI, then you can check the exceptions table in the database.

The only thing I can think of that might be logging you out is if your IP keeps changing. If the IP changes the login session will be invalidated.

[avi7611]

the exception log is empty, my ip is stable and static, can you tell me how do i disable the ip management kicking out feature, so that it does't kick me out of session. cause i have a CTF in my university coming up this tuesday.

[avi7611]

An invalid cookie token was used. Cookie likely stolen. TS: 4R3p983+qrrKm1mF	2020-01-26 14:12:49	N/A	157.39.1*.**
#0 /var/www/mellivora/include/session.inc.php(72): login_session_create_from_login_cookie() #1 /var/www/mellivora/htdocs/home.php(5): login_session_refresh() #2 {main}

well, i made a new user a moderator and this popped up in exception logs.
i used * to hide my ip in this comment

[Nakiami]

Hm. That means your session has been closed and for some reason the content in your remember-me cookie or database have diverged. Have you been dropping the database manually?

Try resetting the cookie_tokens table. Then delete all your cookies set by mellivora.

I still think the root of the issue may be a varying IP. If it is, you could try to make the get_fingerprint() method in include/session.inc.php (https://github.com/Nakiami/mellivora/blob/master/include/session.inc.php#L379) return an empty string.