[webmin-devel] Session timeout with miniserv.pl

[Colm D. <col...@gm...>]

Hi list,

I am trying to implement a webmin module whereby there is an
inactivity timeout on the user session.  I can't seem to find any
documentation of how I do this in the docs or in the list archives but
I guess I must have missed this.

I have been poking arond in miniserv.pl (from Webmin 1.020) and I
found something that seems to do exactly what I want :

            $session_id =3D $2;
            print $PASSINw "verify $session_id\n";
            <$PASSOUTr> =3D~ /(\d+)\s+(\S+)/;
            if ($1 =3D=3D 2) {
                # Valid session continuation
                $validated =3D 1;
                $authuser =3D $2;
                $already_session_id =3D $session_id;
                $already_authuser =3D $authuser;
                }
            elsif ($1 =3D=3D 1) {
                # Session timed out
                $timed_out =3D $2;
                }
            else {
                # Invalid session ID .. don't set verified
                }
            }

So if <PASSOUTr> were to have a value of "1  300" (say) it seems to me
that I would get taken to the login page with a message telling me I
have to login again because I've been inactive for 5mins.  Great -
that is exactly what I want.

My question is how can I trigger the timeout from a CGI script, I see
that PASSOUTr is a pipe but its not clear to me if or how I can write
to it from a CGI script.  Bascally, how can I use this functionality
without hacking miniserv,pl?

Also, is there a way that I can make it so that when the user confirms
their details from a timed out session they can use the same cookie
afterwards and not set a new cookie - perhaps it already works this
way, not sure.

Perhaps this funcionality is not supported any more or something but
I'd appreciate any advice people can give me on how I can do this, I
don't mind patching miniserv,pl if that is necessary.

Thanks,
Colm