[pmwiki-users] Auth User: Expiration of session

Patrick R. Michaud pmichaud at pobox.com
Sat Oct 7 13:36:05 CDT 2006


On Sat, Oct 07, 2006 at 11:41:06AM +0200, Mike wrote:
> it seems that in the default configuration of Auth User, a user who has
> once logged in remains logged in permanently. Since many people forget
> to log out... is there a way to change that?

The default configuration of AuthUser is to honor PHP's session
settings -- i.e., a person is logged in until they (1) log out,
(2) close all browser windows, or (3) the session expires.  PHP's
default expiration time is given by the setting of session.gc_maxlifetime,
although the actual expiration time can be affected by the
setting of session.gc_maxlifetime in other PHP applications running
on the same server.

Note that keeping track of an author's name is handled separately
from authentication (validated identity via AuthUser).  PmWiki
uses a browser cookie to remember an Author's name for 30 days
(default).  So, if someone closes all browser windows and then
returns to PmWiki, PmWiki will remember their author name.  However,
any attempts to do things that require authorization will cause them
to again be prompted for a userid and password.

Pm




More information about the pmwiki-users mailing list