Uthando-CMS

Security log-out

Bug #828087 reported by Vivien Exon
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Uthando-CMS
New
Undecided
Unassigned

Bug Description

I have no objection to being automatically logged out of the website when I've been inactive for a while but I do object to it logging me out when I'm in the middle of working. I lose what I've just done and it's very annoying.

Revision history for this message
vincentbluff (shaun-shaunfreeman) wrote :

As far as I can see the session should last for 24hrs and not log you out unless the cookie is destroyed by your browser.
When this happens what are you doing at the time?
Also how often does this occur?

I really don't know where to start looking unless I know what tasks this is affecting and how often.

I have looked at the session script and all seems to fine with that.

Revision history for this message
Vivien Exon (vivien-charismabeads) wrote : Re: [Bug 828087] Re: Security log-out

When entering new stock items or amending existing ones it apparently
randomly logs out every 20-30 minutes.

On 17/08/11 16:32, vincentbluff wrote:
> As far as I can see the session should last for 24hrs and not log you out unless the cookie is destroyed by your browser.
> When this happens what are you doing at the time?
> Also how often does this occur?
>
> I really don't know where to start looking unless I know what tasks this
> is affecting and how often.
>
> I have looked at the session script and all seems to fine with that.
>

Revision history for this message
Vivien Exon (vivien-charismabeads) wrote :

It also logs out if it hasn't been used for a couple of hours. No way
does it stay logged in for 24 hours.

On 17/08/11 16:32, vincentbluff wrote:
> As far as I can see the session should last for 24hrs and not log you out unless the cookie is destroyed by your browser.
> When this happens what are you doing at the time?
> Also how often does this occur?
>
> I really don't know where to start looking unless I know what tasks this
> is affecting and how often.
>
> I have looked at the session script and all seems to fine with that.
>

Revision history for this message
vincentbluff (shaun-shaunfreeman) wrote :

I have found the pesky problem. It seems the sessions where not sending the browser cookie updates when the session expired, so the browser just thought the session should only last 1 hour, which is the default we set. This was a big PHP problem a few people have experience.

Sorry for all the trouble this has caused.

This should be working properly now.

Please let me know if ok so I can close this issue.

Revision history for this message
Vivien Exon (vivien-charismabeads) wrote :

I've just had to log in again (3rd time today). We'll keep an eye on it.
I'll let you know the outcome.

Many thanks.

On 18/08/11 14:02, vincentbluff wrote:
> I have found the pesky problem. It seems the sessions where not sending
> the browser cookie updates when the session expired, so the browser just
> thought the session should only last 1 hour, which is the default we
> set. This was a big PHP problem a few people have experience.
>
> Sorry for all the trouble this has caused.
>
> This should be working properly now.
>
> Please let me know if ok so I can close this issue.
>

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.