[pmwiki-users] persistence of login (hello?)

Kathryn Andersen kat_lists at katspace.homelinux.org
Mon Jul 10 16:42:14 CDT 2006 

On Mon, Jul 10, 2006 at 02:06:27PM -0500, Patrick R. Michaud wrote:
> On Mon, Jul 10, 2006 at 10:24:23AM +1000, Kathryn Andersen wrote:
> > I am running PmWiki for our intranet at work, and users have been
> > complaining that they keep on getting logged out; they want the login to
> > last as long as the browser is open, but they log in, do stuff, and then
> > come back the next day to find that they've been logged out again.
> 
> I don't know of an obvious way to do this.  PmWiki uses PHP sessions
> to manage most of its login information, and by default PHP expires 
> sessions after approximately 24 minutes of inactivity.

Ah.
Which makes perfect sense in a situation where you have external access,
you want these to expire reasonably quickly.
 
> Which indirectly points to one possibility -- perhaps you can change
> PHP's session settings to keep track of logins over a longer 
> period of time.  To do this you'd probably want to make the following
> settings in the php.ini:
> 
>     session.gc_maxlifetime = 604800     # 7 days
>     session.cookie_lifetime = 2592000   # 30 days

Ah.
 
> The session.gc_maxlifetime causes PHP to keep sessions around for 
> at least a week, which means that the session will remain active 
> as long as someone accesses the wiki at least once per week.

Which would probably suit our setup.
 
> The second setting causes the PHP session cookie (used to keep
> track of the browser and map to the session) to last for 30 
> days.  Thus, after 30 days the browser would be prompted to
> log in again.

(nods)
 
> Of course, either of these settings could be made larger or smaller
> as desired.  On the other hand, if the server is being used for
> PHP scripts other than PmWiki, it's probably a good idea to localize 
> them to take effect only for the wiki (probably within the Apache 
> webserver configuration).

Pointers to docs for how to do that?
 
> You might want to also change the value of session.save_path so that
> these extended sessions are saved (and garbage collected) from somewhere
> other than the default directory that is shared by other PHP
> scripts on the server.

(nods)
 
> I can provide more information, but it would be good to know if
> you think these changes can be reliably made site-wide, or if
> it would be better to have a PmWiki-only solution (e.g., via changes
> in config.php).

In my case, it could be done site-wide, as I do have access to the
Apache server configuration (and I could change php.ini if necessary).
 
> Hope this helps,

Thanks muchly, it does!
 
Kathryn Andersen
-- 
 _--_|\     | Kathryn Andersen	<http://www.katspace.com>
/      \    | 
\_.--.*/    | GenFicCrit mailing list <http://www.katspace.com/gen_fic_crit/>
      v     | 
------------| Melbourne -> Victoria -> Australia -> Southern Hemisphere
Maranatha!  |	-> Earth -> Sol -> Milky Way Galaxy -> Universe

More information about the pmwiki-users mailing list