webERP Forum
Session Duration - Printable Version

+- webERP Forum (http://www.weberp.org/forum)
+-- Forum: webERP Discussion (/forumdisplay.php?fid=1)
+--- Forum: How To ? (/forumdisplay.php?fid=6)
+--- Thread: Session Duration (/showthread.php?tid=8316)



Session Duration - skywalker - 12-21-2018 04:53 PM

Good day everyone,

How can I extend the session time before webERP does an automatic logout?

Thanks


RE: Session Duration - falkoner - 12-21-2018 06:41 PM

There is the $SessionLifeTime variable set in config.php, however it doesn't really work. What this actually does is to "specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up". However when the garbage collector actually gets around to cleaning it up is a different matter, and sometimes the session can live on for many hours.

The way I do it is with the following code in session.php:

PHP Code:
if (isset($_SESSION['LastActivity']) and (time() - $_SESSION['LastActivity']) > $SessionLifeTime) {
    if (
basename($_SERVER['SCRIPT_NAME']) != 'Logout.php') {
        
header('Location: Logout.php');
    }
} else {
    
$_SESSION['LastActivity'] = time();


which is maintaining a variable in the current session for when the last activity took place, and if it extends beyond $SessionLifeTime then the user is logged out. This accurately ensures user settings are closed when they should be.

Tim


RE: Session Duration - skywalker - 12-21-2018 06:59 PM

Thank you for the detailed response Tim. Does that code work with all cersions of webERP?

Thank you

(12-21-2018 06:41 PM)falkoner Wrote:  There is the $SessionLifeTime variable set in config.php, however it doesn't really work. What this actually does is to "specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up". However when the garbage collector actually gets around to cleaning it up is a different matter, and sometimes the session can live on for many hours.

The way I do it is with the following code in session.php:

PHP Code:
if (isset($_SESSION['LastActivity']) and (time() - $_SESSION['LastActivity']) > $SessionLifeTime) {
    if (
basename($_SERVER['SCRIPT_NAME']) != 'Logout.php') {
        
header('Location: Logout.php');
    }
} else {
    
$_SESSION['LastActivity'] = time();


which is maintaining a variable in the current session for when the last activity took place, and if it extends beyond $SessionLifeTime then the user is logged out. This accurately ensures user settings are closed when they should be.

Tim



RE: Session Duration - falkoner - 12-21-2018 07:03 PM

Yes, that should work fine in all versions. You should put the code after the login verification code and before the Upgrade Database code. Approximately line 196 of session.php of the file I am looking at (though depending on the version it may be slightly different on yours).

Tim