Login Timeouts

6 posts by 2 authors in: Forums > CMS Builder
Last Post: October 2, 2015   (RSS)

Hi,

How can i change the way of the "Automatically expire login sessions" so logged in users through websiteMembership add-on do not expire or have an idle time and expire only after that?

The CMS login expiration has many reason to exist but in the application (driven by cmsBuilder and websiteMembership ) it is really frustrating to auto-logoff and expire users's session.

Any ideas are appreciated,
Karls

By ht1080z - September 30, 2015 - edited: September 30, 2015

Hi Greg,

and thank you for your reply.

My question is pointed out the weakness of this option exactly.

I need to keep low this timeout value for security reason but this break user's experience outside of the cms (in a web application) with the continuous session expiration.

I searching for a method or a custom solution that separates the CMS from the websiteMembership driven web-app timeouts.

PS: if there is no way to make this option separated and if i keep the CMS management very strict (required logoff) may can increase the value to hours so i can live with it.

Regards,
Karls

Hey Karls, 

I've had a look through the codebase and there isn't an easy way to separate the two cookie expiry times at the moment. But I've made a note of this feature request for future releases of the plugin.

Thanks,

Greg

Greg Thomas







PHP Programmer - interactivetools.com

By ht1080z - October 2, 2015 - edited: October 2, 2015

Hi Greg,

Is there no way to add to cmsBuilder and websiteMembership to expire logon session after the browser closed?

Regards,
Karls

You can edit your CMSB install so that this happens, but it requires changing a core file. So we can't provide support for any issues related to the change, and it will be undone if you upgrade the CMS.

On line 367 of cmsb/lib/login_functions.php update this line:

  // set login cookie
  setPrefixedCookie(loginCookie_name(), $encodedLoginData, 0);  // save cookie until 2038, expiry is enforced by settings and loginCookie_get()

This will tell the browser that it has to log the user out when the browser closes. This will affect both the website membership and CMS logins. 

Just a note: while testing I noticed that to get Chrome to count as closed, you either have to restart your PC or close it from the icon in your taskbar.

Cheers,

Greg

Greg Thomas







PHP Programmer - interactivetools.com