[pmwiki-users] Auth User: Expiration of session

Mike mike at widowitz.com
Mon Oct 9 04:01:12 CDT 2006


Patrick R. Michaud wrote on 07.10.2006 20:36:
> On Sat, Oct 07, 2006 at 11:41:06AM +0200, Mike wrote:
>> it seems that in the default configuration of Auth User, a user who has
>> once logged in remains logged in permanently. Since many people forget
>> to log out... is there a way to change that?
> The default configuration of AuthUser is to honor PHP's session
> settings -- i.e., a person is logged in until they (1) log out,
> (2) close all browser windows, or (3) the session expires.  PHP's
> default expiration time is given by the setting of session.gc_maxlifetime,
> although the actual expiration time can be affected by the
> setting of session.gc_maxlifetime in other PHP applications running
> on the same server.
> Note that keeping track of an author's name is handled separately
> from authentication (validated identity via AuthUser).  PmWiki
> uses a browser cookie to remember an Author's name for 30 days
> (default).  So, if someone closes all browser windows and then
> returns to PmWiki, PmWiki will remember their author name.  However,
> any attempts to do things that require authorization will cause them
> to again be prompted for a userid and password.
> Pm

More information about the pmwiki-users mailing list