Login Timeouts

6 posts by 2 authors in: Forums > CMS Builder
Last Post: October 2, 2015   (RSS)

By ht1080z - September 27, 2015

Hi,

How can i change the way of the "Automatically expire login sessions" so logged in users through websiteMembership add-on do not expire or have an idle time and expire only after that?

The CMS login expiration has many reason to exist but in the application (driven by cmsBuilder and websiteMembership ) it is really frustrating to auto-logoff and expire users's session.

Any ideas are appreciated,
Karls

By gregThomas - September 30, 2015

Hey Karls, 

The automatic logout time is set to 30 minutes by default, but you can increase it as much as you want. If you log into the CMS, then go to General Settings, under Security Settings you'll see a field called Automatically expire sessions after (I've also attached an example screenshot). You can increase this to as much as you need.

Thanks!

Greg

Greg Thomas







PHP Programmer - interactivetools.com
Attachments:

CMS Builder.png 69K

By gregThomas - September 30, 2015

Hey Karls, 

I've had a look through the codebase and there isn't an easy way to separate the two cookie expiry times at the moment. But I've made a note of this feature request for future releases of the plugin.

Thanks,

Greg

Greg Thomas







PHP Programmer - interactivetools.com

By ht1080z - October 2, 2015 - edited: October 2, 2015

Hi Greg,

Is there no way to add to cmsBuilder and websiteMembership to expire logon session after the browser closed?

Regards,
Karls

By gregThomas - October 2, 2015

You can edit your CMSB install so that this happens, but it requires changing a core file. So we can't provide support for any issues related to the change, and it will be undone if you upgrade the CMS.

On line 367 of cmsb/lib/login_functions.php update this line:

  // set login cookie
  setPrefixedCookie(loginCookie_name(), $encodedLoginData, 0);  // save cookie until 2038, expiry is enforced by settings and loginCookie_get()

This will tell the browser that it has to log the user out when the browser closes. This will affect both the website membership and CMS logins. 

Just a note: while testing I noticed that to get Chrome to count as closed, you either have to restart your PC or close it from the icon in your taskbar.

Cheers,

Greg

Greg Thomas







PHP Programmer - interactivetools.com