[pmwiki-users] persistence of login (hello?)

Marc Cooper gmane at auxbuss.com
Mon Jul 10 05:36:50 CDT 2006


Kathryn Andersen said...
> On Mon, Jul 10, 2006 at 09:38:18AM +0100, Marc Cooper wrote:
> > Kathryn Andersen said...
> > > I am running PmWiki for our intranet at work, and users have been
> > > complaining that they keep on getting logged out; they want the login to
> > > last as long as the browser is open, but they log in, do stuff, and then
> > > come back the next day to find that they've been logged out again.
> > > 
> > > Apache: 2.0.46
> > > PHP: 4.3.2
> > > PmWiki: 2.1.5
> > > using AuthUser + htpasswd + FAST Membership
> > > No password required for reading, just for editing.
> > > 
> > > What do I need to do to make sure that their logins don't expire (at
> > > least, don't expire for a month or something like that)?
> > > 
> > > Note that I have tried changing settings in Firefox to expire cookies
> > > only when the browser closes, and that doesn't seem to make any difference.
> > 
> > As far as I can see, log-ins are locked to the browser session. So, if 
> > you don't close the browser - or logout, obviously - then you should 
> > stay logged in. I'd also be interested to hear if this isn't so.
> 
> It isn't so

I gathered that :-) I meant from Pm and other gurus.

> -- at least with the above combination of programs and
> settings.  I mean, perhaps it *should* be so, but my users and I are
> still being mysteriously put into a state of not being logged in.
> 
> Would there be something that was timing out?  Like, you leave it
> overnight, and come back the next day and the login is gone...

Well, being a responsible global citizen, the very thought of leaving 
client machines switched on overnight is anathema, so this is not 
behaviour that I can test. If something is timing out, I can't see where 
it is - I had a look - so someone better than me needs to assist. Sorry.
 
> > That said, I can't speak for htpasswd and FAST Membership, since I don't 
> > use them. It would seem unlikely that would alter the session info. I 
> > had a quick look at the code, and neither seem to.
> 
> Yeah, it would seem rather odd for them to.
>  
> > I seem to remember that the default when changing attributes is to wipe 
> > the session - I switched it off - so that might be a place to look. I 
> > also have vague memories of a recipe doing the same.
> 
> Hmmm.  I haven't been changing any attributes.

Not you, but your users. You can stop this with:

## stop logout after attribs change 
$EnablePostAttrClearSession = 0;	

> Can you recall which particular recipe?

I had a look, but it was probably one that I was testing and decided not 
to use.

What I'd do is search your pmwiki hierarchy for "$_SESSION". It isn't 
used much and take a gander at anything that "unset"s the session 
variable. grep something like: unset.*\(.*\$_SESS

-- 
Best,
Marc





More information about the pmwiki-users mailing list