[pmwiki-users] automatic logout ?

ThomasP pmwikidev at sigproc.de
Tue Jul 24 05:32:28 CDT 2007


On Thu, July 19, 2007 22:18, Ben Wilson wrote:
> On 7/19/07, Christophe David <pmwiki at christophedavid.org> wrote:
> [...]
>>
>> Any idea how to make an inactivity timeout that actually works ;-) ?
>
> I developed a system with an inactivity timeout. What you need to do
> is track session data on the server side. Each time the user accesses,
> you update his mtime. If the delta between his last mtime and current
> access is greater than your limit (e.g. 600 seconds), then you force a
> time out. You could probably also track his mtime in the cookie the
> same way.
>

Just follow-up for completeness:

The above mentioned server-sidely enforcement is included in UserAuth2.
You can set a maximum inactivity time and a maximum absolute session life
time via the variables

SDV($UA2SessionMaxInactivityTime, 2*60*60); // In seconds, default 2 hours.
SDV($UA2SessionMaxLifeTime,      24*60*60); // In seconds, default 1 day.

This is perfectly working, independently from browser honesty or clock. It
is done by keeping record of times in the session array.

ThomasP





More information about the pmwiki-users mailing list