[pmwiki-users] automatic logout ?

Patrick R. Michaud pmichaud at pobox.com
Thu Jul 19 15:32:04 CDT 2007


On Thu, Jul 19, 2007 at 09:33:26PM +0200, Christophe David wrote:
> >>At any rate, there's a special-purpose session_set_cookie_params()
> >>function that seems to do exactly what you want.  So, to automatically
> >>log out after 10 minutes, try (in local/(farm)config.php):
> >>    session_set_cookie_params(10 * 60);
> 
> >For what it's worth, I'm using authuser and neither of the below log me out
> >after 2 minutes of inactivity:
> >ini_set('session.cookie_lifetime', time() + 2 * 60);
> >session_set_cookie_params(2 * 60);
> 
> My own testing shows the same ;-(   

Keep in mind that setting the cookie params as above requires
that the server clock and browser clock be somewhat well-synced --
the cookie will expire based on the browser's notion of the time,
not the server's notion.  So, if the browser and server have different
notions of the current time, there may be some slop in the timeout
(with the amount of slop proportional to the differences in the clocks).

> Futhermore, it seems to behave
> like with a persistent cookie: even closing the browser and restarting
> it keeps the athentication level...

Ah yes, this would be a side effect of the above approach.
> 
> What I would expect is the behaviour of a non persistent cookie with
> limited lifetime, thus expiring when closing the browser or after the
> specified lifetime.
> 
> Any idea how to make an inactivity timeout that actually works ;-) ?

Something like what Ben Wilson suggests in his reply to your
message ought to work.  PmWiki doesn't have its own inactivity
timeout -- it prefers to simply use whatever timeout facilities
are provided by PHP.

Pm



More information about the pmwiki-users mailing list