Automatically logout user after some period of inactivity


Tuomo Syvänperä

Thursday 04 June 2009 4:46:03 am

I want to log out the user after, for example, 30 minutes if he/she hasn't done anything. I've been playing around with Session settings in site.ini (ActivityTimeout, SessionTimeout and CookieTimeout).

It seems that I get the user thrown out after 30 minutes if I set the CookieTimeout to 30 minutes, but then the user gets thrown out always, even if he/she has loaded some pages within that 30 minutes. ActivityTimeout and SessionTimeout don't seem to do squat.

André R.

Thursday 04 June 2009 5:42:37 am

It looks like you would have to use ActivityTimeout.

The logic in eZUser::isUserLoggedIn( $id ) goes like this:

        $time = time();
        $ini = eZINI::instance();
        $activityTimeout = $ini->variable( 'Session', 'ActivityTimeout' );
        $sessionTimeout = $ini->variable( 'Session', 'SessionTimeout' );
        $time = $time + $sessionTimeout - $activityTimeout;

        $sql = "SELECT DISTINCT user_id
                FROM ezsession
                WHERE user_id = '" . $userID . "' AND
                      expiration_time > '$time'";

Whereas the expiration_time value in the database is set during session writes in eZSession::internalWrite(), which happens on every request you make to the server:

        $expirationTime = time() + $ini->variable( 'Session', 'SessionTimeout' );

What version are you on?

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom

Tuomo Syvänperä

Thursday 04 June 2009 10:49:41 pm

Currently I'm on version 4.1.1. I did notice the two functions you mentioned (isUserLoggedIn and internalWrite), but the strange thing is, that they don't seem to get called when the user loads a page. I added a die() to both of those functions and neither gets triggered.

I don't know if it matters, but currently I also have RequireUserLogin=true in site.ini.

André R.

Friday 05 June 2009 1:19:00 am

internalWrite is normally called after the page request, so it is no surprise that it doesn't stop the page. isUserLoggedIn, on the other hand... I'll try to look into it.


Tuomo Syvänperä

Tuesday 23 June 2009 3:32:33 am

Any new info about this? Still unable to solve this problem.

André R.

Tuesday 23 June 2009 5:55:55 am

Hi!

I have reproduced your issue and I think SessionTimeout setting is broken so I have created an issue for it where you can add more comments if you want:
http://issues.ez.no/IssueView.php?Id=15093&activeItem=1


André R.

Friday 21 August 2009 3:09:55 am

I must have been blind, expired sessions are removed by the gc (garbage collect) code.
This normally runs every 1000 requests, as specified in the php.ini session settings; however, Debian-based Linux distros break this and have their own gc handling that is incompatible with eZ Publish (as in, sessions aren't removed at all).

So see the issue linked above; there you'll find a bin script which you can use manually (or automatically using a cron job) to remove expired sessions.


Alex Yes

Monday 30 November 2009 9:33:27 am

Not only Debian-based Linux distros break this. It is also not working on any website which has fewer than 1000 page impressions within the specified SessionTimeOut-Value.
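The expiry arithmetic discussed in the posts above, as an added example that is not part of the original thread and not eZ Publish code. It shows that a row's validity can be decided at read time from expiration_time alone, so an idle session is rejected even when garbage collection never runs; the function names, timeout values and sample rows are assumptions made for illustration.

```php
<?php
// Added example: model of the ezsession expiry arithmetic quoted in the thread.
// Function names and sample rows are hypothetical, not eZ Publish API.

const SESSION_TIMEOUT  = 1800; // seconds, assumed value for [Session] SessionTimeout
const ACTIVITY_TIMEOUT = 600;  // seconds, assumed value for [Session] ActivityTimeout

// What a session write stores according to the thread: now + SessionTimeout.
function expirationOnWrite(int $now): int
{
    return $now + SESSION_TIMEOUT;
}

// Read-time check: an expired row is rejected even if no GC run has deleted it.
function isSessionValid(array $row, int $now): bool
{
    return $row['expiration_time'] > $now;
}

// Same threshold as the isUserLoggedIn() excerpt: true only when the last
// session write happened less than ActivityTimeout seconds ago.
function isUserActive(array $row, int $now): bool
{
    return $row['expiration_time'] > $now + SESSION_TIMEOUT - ACTIVITY_TIMEOUT;
}

// Deterministic cleanup, the job a cron script does when probabilistic GC
// does not run (low traffic, or a distribution that disables it).
function purgeExpired(array $rows, int $now): array
{
    return array_values(array_filter($rows, function (array $r) use ($now) {
        return isSessionValid($r, $now);
    }));
}

// Constructed sample data: last writes 5, 20 and 45 minutes before $now.
$now  = 1000000;
$rows = [];
foreach ([14 => 300, 15 => 1200, 16 => 2700] as $userId => $idleSeconds) {
    $rows[] = ['user_id' => $userId,
               'expiration_time' => expirationOnWrite($now - $idleSeconds)];
}

foreach ($rows as $r) {
    printf("user %d valid=%s active=%s\n", $r['user_id'],
        var_export(isSessionValid($r, $now), true),
        var_export(isUserActive($r, $now), true));
}
printf("rows before purge: %d, after: %d\n",
    count($rows), count(purgeExpired($rows, $now)));
```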

Kirill V

Wednesday 03 November 2010 3:10:35 pm

"

Not only Debian-based Linux distros break this. It is also not working on any website which has fewer than 1000 page impressions within the specified SessionTimeOut-Value.

"

Gentlemen -

A newbie question - are ActivityTimeout and SessionTimeout related in any way?

ActivityTimeout seems to be intended to log the user out after certain inactivity period, and SessionTimeout just cleans up sessions, i.e. they do similar but different things.

I am running ezPublish 4.2 on Centos, and so far haven't been able to reliably time out users after a certain period.

If it matters - the 'save_path' setting in php.ini is commented out.

Does anybody know how to make it work?

Thanks much,

Kirill

Gaetano Giunta

Thursday 04 November 2010 1:47:51 am

Afair, ActivityTimeout does not log the user out after a given inactivity period. It is in fact little used - you can see its results in the Admin Interface, where the list of sessions can be filtered by 'active' or 'all'.

It is also used in user management to decide how often the 'user last visited' row in the db is updated, and in fetch functions that return the number of logged in users

Principal Consultant International Business
Member of the Community Project Board

Kirill V

Thursday 04 November 2010 5:57:02 am

"

Afair, ActivityTimeout does not log the user out after a given inactivity period. It is in fact little used - you can see its results in the Admin Interface, where the list of sessions can be filtered by 'active' or 'all'.

It is also used in user management to decide how often the 'user last visited' row in the db is updated, and in fetch functions that return the number of logged in users

"

Thanks for the prompt reply.

So there is no way to log the user out after NN minutes?

Thanks,

Kirill

Gaetano Giunta

Thursday 04 November 2010 8:58:45 am

Change SessionTimeout?


Kirill V

Thursday 04 November 2010 11:10:03 am

"

Change SessionTimeout?

"

It worked!

Thanks mucho,

Kirill

