AutoLogout modified by Tim Schofield

Tim Schofield — Tue, 15 Oct 2024 09:20:31 -0000

Problem

Automatic timeout

Currently webERP will timeout after a number of seconds. This number is defined by the $SessionLifeTime variable setup in the config.php script. However this doesn't immediately return the user to the login page, just sits there until the user tries to use webERP, and it only then takes them back to the login page. Potentially this is a security problem as anything left on the users screen would be visible to anyone looking at the screen.

Persistant chosen module

Also when the user logs back in to webERP they are taken back to the first module in the list, regardless of which module they were last in.

Solution

Automatic timeout

This can be solved by inserting the line

echo '<meta http-equiv="refresh" content="' . (60 * $_SESSION<span>['Timeout']</span>) . ';url=Logout.php">';

into the html headers in the includes/header.php script. This line creates a timeout in seconds (60 * $_SESSION['Timeout']), and automatically calls the Logout.php script when that timeout interval is reached. $_SESSION['Timeout'] is the interval in minutes, which is defined in the www_users table. Each user can have their own timeout interval set.

Persistant chosen module

When the user selects a new module, that module is held in a session variable, and then on Logout (whether automatic, or manual) that module is then stored in the database. When the user next logs in (even if not on the same device) that module is retrieved from the database, and the specific module page is loaded.

Recent changes to AutoLogout

AutoLogout modified by Tim Schofield

Problem

Automatic timeout

Persistant chosen module

Solution

Automatic timeout

Persistant chosen module