membership session time for password protected pages

By 4cdg - August 12, 2010

I have read and successfully changed the session time on the cms login.

I need to set a session time on the webpages that users log into to view protected content. If they don't logout I want it to force them out after 10 - 15 minutes of inactivity

Is there an easy way to do this with membership plugin or is there some other code or software that can easily make this happen?

Re: [4cdg] membership session time for password protected pages

By Jason - August 12, 2010

Hi,

Both CMS Builder login and the Website memebership plugin use the same session variable. Whatever session time you set in CMS Builder will also affect the session time for people logging in through the membership plugin.

Hope this helps.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [4cdg] membership session time for password protected pages

By 4cdg - August 16, 2010

anything

Re: [4cdg] membership session time for password protected pages

By Chris - August 16, 2010

Hi 4cdg,

PHP sessions often last longer than expected because whether or not they're expired is a probabilistic thing. Presumably this is to prevent session expiry checks consuming too many resources on high traffic sites.

Each time a session is opened, the probability the gc is started is session.gc_probability/session.gc_divisor. session.gc_probability defaults to 1 and session.gc_divisor defaults to 100, which makes a 1% probability.

If you want to make sure that sessions actually expire after the amount of time you've specified, you'll need to set the probability to 100% by adding these lines (in red) to init.php:

ini_set('session.gc_maxlifetime', 60 ); // session garbage-collection code starts getting randomly called after this many seconds of inactiity
ini_set('session.gc_probability', 1 ); // after gc_maxlifetime is met old session are cleaned up randomly every (gc_probability / gc_divisor) requests
ini_set('session.gc_divisor', 1 ); // after gc_maxlifetime is met old session are cleaned up randomly every (gc_probability / gc_divisor) requests

ini_set('session.use_trans_sid', false );


I tested this and it seems to work! :)

I hope this helps! Please let me know if you have any questions.
All the best,
Chris