+- webERP Forum (http://www.weberp.org/forum)
+-- Forum: webERP Discussion (http://www.weberp.org/forum/forumdisplay.php?fid=1)
+--- Forum: How To ? (http://www.weberp.org/forum/forumdisplay.php?fid=6)
+--- Thread: Session Duration (/showthread.php?tid=8316)
Session Duration - skywalker - 12-21-2018
Good day everyone,
How can I extend the session time before webERP does an automatic logout?
Thanks
RE: Session Duration - TimSchofield - 12-21-2018
There is the $SessionLifeTime variable set in config.php, however it doesn't really work. What this actually does is to "specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up". However when the garbage collector actually gets around to cleaning it up is a different matter, and sometimes the session can live on for many hours.
The way I do it is with the following code in session.php:
PHP Code:
if (isset($_SESSION['LastActivity']) and (time() - $_SESSION['LastActivity']) > $SessionLifeTime) {
if (basename($_SERVER['SCRIPT_NAME']) != 'Logout.php') {
header('Location: Logout.php');
}
} else {
$_SESSION['LastActivity'] = time();
}
which is maintaining a variable in the current session for when the last activity took place, and if it extends beyond $SessionLifeTime then the user is logged out. This accurately ensures user settings are closed when they should be.
Tim
RE: Session Duration - skywalker - 12-21-2018
Thank you for the detailed response Tim. Does that code work with all cersions of webERP?
Thank you
(12-21-2018, 06:41 PM)falkoner Wrote: There is the $SessionLifeTime variable set in config.php, however it doesn't really work. What this actually does is to "specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up". However when the garbage collector actually gets around to cleaning it up is a different matter, and sometimes the session can live on for many hours.
The way I do it is with the following code in session.php:
PHP Code:if (isset($_SESSION['LastActivity']) and (time() - $_SESSION['LastActivity']) > $SessionLifeTime) {
if (basename($_SERVER['SCRIPT_NAME']) != 'Logout.php') {
header('Location: Logout.php');
}
} else {
$_SESSION['LastActivity'] = time();
}
which is maintaining a variable in the current session for when the last activity took place, and if it extends beyond $SessionLifeTime then the user is logged out. This accurately ensures user settings are closed when they should be.
Tim
RE: Session Duration - TimSchofield - 12-21-2018
Yes, that should work fine in all versions. You should put the code after the login verification code and before the Upgrade Database code. Approximately line 196 of session.php of the file I am looking at (though depending on the version it may be slightly different on yours).
Tim