Login Timeouts

6 posts by 2 authors in: Forums > CMS Builder
Last Post: October 2, 2015

By ht1080z - September 27, 2015

Hi,

How can I change the way "Automatically expire login sessions" works so that users logged in through the websiteMembership add-on do not expire, or have an idle time and expire only after that?

The CMS login expiration has many reasons to exist, but in the application (driven by cmsBuilder and websiteMembership) it is really frustrating to auto-logoff and expire users' sessions.

Any ideas are appreciated,
Karls

By gregThomas - September 30, 2015

Hey Karls, 

The automatic logout time is set to 30 minutes by default, but you can increase it as much as you want. If you log into the CMS, then go to General Settings, under Security Settings you'll see a field called Automatically expire sessions after (I've also attached an example screenshot). You can increase this to as much as you need.

Thanks!

Greg

Greg Thomas
PHP Programmer - interactivetools.com
Attachments:

CMS Builder.png 69K

By ht1080z - September 30, 2015 - edited: September 30, 2015

Hi Greg,

and thank you for your reply.

My question points out exactly the weakness of this option.

I need to keep this timeout value low for security reasons, but this breaks the user's experience outside of the CMS (in a web application) with the continuous session expiration.

I am searching for a method or a custom solution that separates the CMS from the websiteMembership-driven web-app timeouts.

PS: if there is no way to separate this option, and if I keep the CMS management very strict (required logoff), I may be able to increase the value to hours so I can live with it.

Regards,
Karls

By gregThomas - September 30, 2015

Hey Karls, 

I've had a look through the codebase and there isn't an easy way to separate the two cookie expiry times at the moment. But I've made a note of this feature request for future releases of the plugin.

Thanks,

Greg

Greg Thomas
PHP Programmer - interactivetools.com

By gregThomas - October 2, 2015

You can edit your CMSB install so that this happens, but it requires changing a core file. So we can't provide support for any issues related to the change, and it will be undone if you upgrade the CMS.

On line 367 of cmsb/lib/login_functions.php update this line:

  // set login cookie
  setPrefixedCookie(loginCookie_name(), $encodedLoginData, 0);  // save cookie until 2038, expiry is enforced by settings and loginCookie_get()

This will tell the browser that it has to log the user out when the browser closes. This will affect both the website membership and CMS logins. 

Just a note: while testing I noticed that to get Chrome to count as closed, you either have to restart your PC or close it from the icon in your taskbar.

Cheers,

Greg

Greg Thomas
PHP Programmer - interactivetools.com
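
The thread touches two separate ideas: the login cookie can be a browser-session cookie while expiry is still enforced on the server, and CMS and member logins may want different idle limits. The PHP below is an added example, not part of the thread and not CMS Builder code; the token format, `IDLE_LIMITS`, `issueToken()` and `checkToken()` are hypothetical names, and the limits and key are constructed values.

```php
<?php
// Added illustration; not CMS Builder code. All names are hypothetical.
// Idle limits per login context, in seconds (constructed values).
const IDLE_LIMITS = ['cms' => 30 * 60, 'member' => 8 * 3600];

// Build a signed token recording who logged in, in which context, and the
// time of their last activity.
function issueToken(string $user, string $context, int $now, string $key): string
{
    $payload = base64_encode(json_encode(['u' => $user, 'c' => $context, 't' => $now]));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the user name when the token is authentic and still inside the idle
// limit of its own context, otherwise null. Cookie lifetime plays no part.
function checkToken(string $token, int $now, string $key): ?string
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;                       // tampered or foreign token
    }
    $data = json_decode((string) base64_decode($payload, true), true);
    if (!is_array($data) || !isset($data['u'], $data['c'], $data['t'])
        || !is_string($data['u']) || !is_string($data['c']) || !is_int($data['t'])) {
        return null;
    }
    $limit = IDLE_LIMITS[$data['c']] ?? null;
    if ($limit === null || $now - $data['t'] > $limit) {
        return null;                       // unknown context or idle too long
    }
    return $data['u'];
}

// Constructed demo: the same 45 idle minutes checked against both contexts.
$key = 'constructed-demo-key';             // a random server-side secret in practice
$t0  = 1443600000;                         // constructed login time
foreach (array_keys(IDLE_LIMITS) as $context) {
    $token = issueToken('demo-user', $context, $t0, $key);
    $ok    = checkToken($token, $t0 + 45 * 60, $key) !== null;
    echo $context, ': ', $ok ? 'still logged in' : 'expired', PHP_EOL;
}
```

For a sliding idle window, re-issue the token with the current time on every request that passes `checkToken()`. Sending it as a cookie with an expiry of 0 additionally ends the login when the browser closes, independent of the server-side limit.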