[pmwiki-users] persistence of login (hello?)
Marc Cooper
gmane at auxbuss.com
Mon Jul 10 05:36:50 CDT 2006
Kathryn Andersen said...
> On Mon, Jul 10, 2006 at 09:38:18AM +0100, Marc Cooper wrote:
> > Kathryn Andersen said...
> > > I am running PmWiki for our intranet at work, and users have been
> > > complaining that they keep on getting logged out; they want the login to
> > > last as long as the browser is open, but they log in, do stuff, and then
> > > come back the next day to find that they've been logged out again.
> > >
> > > Apache: 2.0.46
> > > PHP: 4.3.2
> > > PmWiki: 2.1.5
> > > using AuthUser + htpasswd + FAST Membership
> > > No password required for reading, just for editing.
> > >
> > > What do I need to do to make sure that their logins don't expire (at
> > > least, don't expire for a month or something like that)?
> > >
> > > Note that I have tried changing settings in Firefox to expire cookies
> > > only when the browser closes, and that doesn't seem to make any difference.
> >
> > As far as I can see, log-ins are locked to the browser session. So, if
> > you don't close the browser - or logout, obviously - then you should
> > stay logged in. I'd also be interested to hear if this isn't so.
>
> It isn't so
I gathered that :-) I meant from Pm and other gurus.
> -- at least with the above combination of programs and
> settings. I mean, perhaps it *should* be so, but my users and I are
> still being mysteriously put into a state of not being logged in.
>
> Would there be something that was timing out? Like, you leave it
> overnight, and come back the next day and the login is gone...
Well, being a responsible global citizen, the very thought of leaving
client machines switched on overnight is anathema, so this is not
behaviour that I can test. If something is timing out, I can't see where
it is - I had a look - so someone better than me needs to assist. Sorry.
> > That said, I can't speak for htpasswd and FAST Membership, since I don't
> > use them. It would seem unlikely that would alter the session info. I
> > had a quick look at the code, and neither seem to.
>
> Yeah, it would seem rather odd for them to.
>
> > I seem to remember that the default when changing attributes is to wipe
> > the session - I switched it off - so that might be a place to look. I
> > also have vague memories of a recipe doing the same.
>
> Hmmm. I haven't been changing any attributes.
Not you, but your users. You can stop this with:
## stop logout after attribs change
$EnablePostAttrClearSession = 0;
> Can you recall which particular recipe?
I had a look, but it was probably one that I was testing and decided not
to use.
What I'd do is search your pmwiki hierarchy for "$_SESSION". It isn't
used much and take a gander at anything that "unset"s the session
variable. grep something like: unset.*\(.*\$_SESS
--
Best,
Marc
More information about the pmwiki-users
mailing list