Login Timeouts

6 posts by 2 authors in: Forums > CMS Builder
Last Post: October 2, 2015   (RSS)

Hi,

How can i change the way of the "Automatically expire login sessions" so logged in users through websiteMembership add-on do not expire or have an idle time and expire only after that?

The CMS login expiration has many reason to exist but in the application (driven by cmsBuilder and websiteMembership ) it is really frustrating to auto-logoff and expire users's session.

Any ideas are appreciated,
Karls

Hey Karls, 

The automatic logout time is set to 30 minutes by default, but you can increase it as much as you want. If you log into the CMS, then go to General Settings, under Security Settings you'll see a field called Automatically expire sessions after (I've also attached an example screenshot). You can increase this to as much as you need.

Thanks!

Greg

Greg Thomas







PHP Programmer - interactivetools.com
Attachments:

CMS Builder.png 69K

By ht1080z - September 30, 2015 - edited: September 30, 2015

Hi Greg,

and thank you for your reply.

My question is pointed out the weakness of this option exactly.

I need to keep low this timeout value for security reason but this break user's experience outside of the cms (in a web application) with the continuous session expiration.

I searching for a method or a custom solution that separates the CMS from the websiteMembership driven web-app timeouts.

PS: if there is no way to make this option separated and if i keep the CMS management very strict (required logoff) may can increase the value to hours so i can live with it.

Regards,
Karls

By ht1080z - October 2, 2015 - edited: October 2, 2015

Hi Greg,

Is there no way to add to cmsBuilder and websiteMembership to expire logon session after the browser closed?

Regards,
Karls

You can edit your CMSB install so that this happens, but it requires changing a core file. So we can't provide support for any issues related to the change, and it will be undone if you upgrade the CMS.

On line 367 of cmsb/lib/login_functions.php update this line:

  // set login cookie
  setPrefixedCookie(loginCookie_name(), $encodedLoginData, 0);  // save cookie until 2038, expiry is enforced by settings and loginCookie_get()

This will tell the browser that it has to log the user out when the browser closes. This will affect both the website membership and CMS logins. 

Just a note: while testing I noticed that to get Chrome to count as closed, you either have to restart your PC or close it from the icon in your taskbar.

Cheers,

Greg

Greg Thomas







PHP Programmer - interactivetools.com