Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Session Duration
12-21-2018, 04:53 PM,
#1
Session Duration
Good day everyone,

How can I extend the session time before webERP does an automatic logout?

Thanks
Reply
12-21-2018, 06:41 PM, (This post was last modified: 12-21-2018, 06:41 PM by TimSchofield.)
#2
RE: Session Duration
There is the $SessionLifeTime variable set in config.php, however it doesn't really work. What this actually does is to "specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up". However when the garbage collector actually gets around to cleaning it up is a different matter, and sometimes the session can live on for many hours.

The way I do it is with the following code in session.php:

PHP Code:
if (isset($_SESSION['LastActivity']) and (time() - $_SESSION['LastActivity']) > $SessionLifeTime) {
    if (
basename($_SERVER['SCRIPT_NAME']) != 'Logout.php') {
        
header('Location: Logout.php');
    }
} else {
    
$_SESSION['LastActivity'] = time();


which is maintaining a variable in the current session for when the last activity took place, and if it extends beyond $SessionLifeTime then the user is logged out. This accurately ensures user settings are closed when they should be.

Tim
Reply
12-21-2018, 06:59 PM,
#3
RE: Session Duration

Thank you for the detailed response Tim. Does that code work with all cersions of webERP?

Thank you

(12-21-2018, 06:41 PM)falkoner Wrote: There is the $SessionLifeTime variable set in config.php, however it doesn't really work. What this actually does is to "specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up". However when the garbage collector actually gets around to cleaning it up is a different matter, and sometimes the session can live on for many hours.

The way I do it is with the following code in session.php:

PHP Code:
if (isset($_SESSION['LastActivity']) and (time() - $_SESSION['LastActivity']) > $SessionLifeTime) {
    if (
basename($_SERVER['SCRIPT_NAME']) != 'Logout.php') {
        
header('Location: Logout.php');
    }
} else {
    
$_SESSION['LastActivity'] = time();


which is maintaining a variable in the current session for when the last activity took place, and if it extends beyond $SessionLifeTime then the user is logged out. This accurately ensures user settings are closed when they should be.

Tim

Reply
12-21-2018, 07:03 PM,
#4
RE: Session Duration
Yes, that should work fine in all versions. You should put the code after the login verification code and before the Upgrade Database code. Approximately line 196 of session.php of the file I am looking at (though depending on the version it may be slightly different on yours).

Tim
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)