Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Session Duration
12-21-2018, 04:53 PM
Post: #1
Session Duration
Good day everyone,

How can I extend the session time before webERP does an automatic logout?

Thanks
Find all posts by this user
Quote this message in a reply
12-21-2018, 06:41 PM (This post was last modified: 12-21-2018 06:41 PM by falkoner.)
Post: #2
RE: Session Duration
There is the $SessionLifeTime variable set in config.php, however it doesn't really work. What this actually does is to "specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up". However when the garbage collector actually gets around to cleaning it up is a different matter, and sometimes the session can live on for many hours.

The way I do it is with the following code in session.php:

PHP Code:
if (isset($_SESSION['LastActivity']) and (time() - $_SESSION['LastActivity']) > $SessionLifeTime) {
    if (
basename($_SERVER['SCRIPT_NAME']) != 'Logout.php') {
        
header('Location: Logout.php');
    }
} else {
    
$_SESSION['LastActivity'] = time();


which is maintaining a variable in the current session for when the last activity took place, and if it extends beyond $SessionLifeTime then the user is logged out. This accurately ensures user settings are closed when they should be.

Tim
Visit this user's website Find all posts by this user
Quote this message in a reply
12-21-2018, 06:59 PM
Post: #3
RE: Session Duration
Thank you for the detailed response Tim. Does that code work with all cersions of webERP?

Thank you

(12-21-2018 06:41 PM)falkoner Wrote:  There is the $SessionLifeTime variable set in config.php, however it doesn't really work. What this actually does is to "specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up". However when the garbage collector actually gets around to cleaning it up is a different matter, and sometimes the session can live on for many hours.

The way I do it is with the following code in session.php:

PHP Code:
if (isset($_SESSION['LastActivity']) and (time() - $_SESSION['LastActivity']) > $SessionLifeTime) {
    if (
basename($_SERVER['SCRIPT_NAME']) != 'Logout.php') {
        
header('Location: Logout.php');
    }
} else {
    
$_SESSION['LastActivity'] = time();


which is maintaining a variable in the current session for when the last activity took place, and if it extends beyond $SessionLifeTime then the user is logged out. This accurately ensures user settings are closed when they should be.

Tim
Find all posts by this user
Quote this message in a reply
12-21-2018, 07:03 PM
Post: #4
RE: Session Duration
Yes, that should work fine in all versions. You should put the code after the login verification code and before the Upgrade Database code. Approximately line 196 of session.php of the file I am looking at (though depending on the version it may be slightly different on yours).

Tim
Visit this user's website Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)