Re: [MRBS-general] Automatic Log Off
Brought to you by:
jberanek
From: Campbell M. <cam...@gm...> - 2013-07-21 11:06:06
|
I've now implemented automatic log off in the latest version of MRBS in the trunk (Rev 2742). Note that it is only implemented at the moment when using the 'php' session scheme. It is controlled by setting the config variable $auth["session_php"]["inactivity_expire_time"], set to 0 (no automatic log off) by default. Note also that if you JavaScript disabled and you have $refresh_rate set to a non-zero value, then the automatic refreshes will count as user activity. Campbell > -----Original Message----- > From: Campbell Morrison [mailto:cam...@gm...] > Sent: 20 July 2013 15:33 > To: 'General purpose list (support/developers/users)' > Subject: RE: [MRBS-general] Automatic Log Off > > My mistake. PHP session expiry is working as expected. I'd just > forgotten to delete an existing session cookie with a longer expiry > time. > > Campbell > > > > > -----Original Message----- > > From: Campbell Morrison [mailto:cam...@gm...] > > Sent: 18 July 2013 11:43 > > To: 'General purpose list (support/developers/users)' > > Subject: RE: [MRBS-general] Automatic Log Off > > > > Hmmm. I've just done some testing using both cookie and php > sessions. > > As far as I can see when using cookie sessions the expiry time will > > determine the time at which the session will expire regardless of > > whether there has been activity or not (and thus incidentally > > $refresh_rate makes no difference). This isn't what Hongfei was > > after. When using php sessions I can't get anything to expire at > > all. > > > > So I think this needs a bit more thought and investigation to > determine > > > > - what we want the expiry_time setting to do? Do we want it to end > > the session after n seconds regardless of activity? Maybe we want > > another setting that ends a session after so many seconds of > > inactivity? In which case presumably an automatic refresh by MRBS > > shouldn't count as user activity? (It's maybe a little easier to > > identify automatic refreshes in the latest version of MRBS because > they > > are now done via Ajax calls, if possible, and only refresh the parts > > that need to be refreshed, ie the main tables in the calendar views) > > - why the expiry time setting doesn't seem to work for php sessions. > > > > > > Campbell > > > > > > > > > > > -----Original Message----- > > > From: Campbell Morrison [mailto:cam...@gm...] > > > Sent: 18 July 2013 10:34 > > > To: 'General purpose list (support/developers/users)' > > > Subject: RE: [MRBS-general] Automatic Log Off > > > > > > The error message "Key must be a string" arises because you have > got > > > $auth["session_cookie"]["secret"] set to something that isn't a > > string. > > > By default in systemdefaults.inc.php it is set to > > > > > > // The encryption secret key for the session tokens. You are > strongly > > > // advised to change this if you use this session scheme > > > $auth["session_cookie"]["secret"] = "This isn't a very good > secret!"; > > > > > > I'd check your config file to see what you've got > > > $auth["session_cookie"]["secret"] set to. > > > > > > > > > Campbell > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: Hongfei Li [mailto:Hon...@uf...] > > > > Sent: 18 July 2013 02:33 > > > > To: General purpose list (support/developers/users) > > > > Subject: Re: [MRBS-general] Automatic Log Off > > > > > > > > Hi John, > > > > > > > > I put these three lines in config.inc.php. It doesn't work. > > > > > > > > $auth["session"] = "php"; > > > > $auth["session_php"]["session_expire_time"] = (60*5); // 5 > minutes > > > > $refresh_rate = 300; > > > > > > > > If I change to the cookie: > > > > > > > > $auth["session"] = "cookie"; > > > > $auth["session_cookie"]["session_expire_time"] = (60*5); // 5 > > minutes > > > > $refresh_rate = 300; > > > > > > > > It shows the error message: > > > > > > > > "Key must be a string" > > > > > > > > Thanks, > > > > Hongfei > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: John Beranek - MRBS Developer > > > > [mailto:jbe...@us...] > > > > Sent: Wednesday, July 17, 2013 4:20 PM > > > > To: General purpose list (support/developers/users) > > > > Subject: Re: [MRBS-general] Automatic Log Off > > > > > > > > On 16/07/2013 18:01, Hongfei Li wrote: > > > > > Hi Michael, > > > > > > > > > > Thanks for your help. I tried both of them. It seems not work. > We > > > are > > > > using LDAP authentication. Is there something else I need to > > specify? > > > > > > > > Have you also got $refresh_rate set to 300 seconds or less? > > > > > > > > John. > > > > > > > > -- > > > > John Beranek - MRBS Developer <http://mrbs.sourceforge.net/> > > > > > > > > To generalise is to be an idiot. > > > > -- William Blake > > > > > > > > ----------------------------------------------------------------- > -- > > -- > > > -- > > > > ------- > > > > See everything from the browser to the database with AppDynamics > > Get > > > > end-to-end visibility with application monitoring from > AppDynamics > > > > Isolate bottlenecks and diagnose root cause in seconds. > > > > Start your free trial of AppDynamics Pro today! > > > > > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.cl > > > > ktrk > > > > _______________________________________________ > > > > mrbs-general mailing list > > > > mrb...@li... > > > > https://lists.sourceforge.net/lists/listinfo/mrbs-general > > > > Want to unsubscribe: mailto:mrbs-general- > > > > re...@li...?subject=unsubscribe > > > > > > > > ----------------------------------------------------------------- > -- > > -- > > > -- > > > > ------- > > > > See everything from the browser to the database with AppDynamics > > > > Get end-to-end visibility with application monitoring from > > > AppDynamics > > > > Isolate bottlenecks and diagnose root cause in seconds. > > > > Start your free trial of AppDynamics Pro today! > > > > > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.cl > > > > ktrk > > > > _______________________________________________ > > > > mrbs-general mailing list > > > > mrb...@li... > > > > https://lists.sourceforge.net/lists/listinfo/mrbs-general > > > > Want to unsubscribe: mailto:mrbs-general- > > > > re...@li...?subject=unsubscribe |