Length of session

Haara · **Posted:** Thu Oct 12, 2006 2:33 pm

Does anyone know how long the logged in session last from your last active thing* done here?

*posting, browsing or anything that doesn't involve just having the site open...

I ask this since I havn't been able to find that answer by myself.

I have experienced beeing logged out automaticaly some times when having this site open at the same time I browse other sites and when coming back here I have to logg in again...

I do not think of this as a problem, I just want to know for how long I can "stay aaway", but stil beeing logged in!

Scott Bedard · **Posted:** Thu Oct 12, 2006 2:42 pm

A session with an undetermined time will last (i think) a default time of 5 minutes. But if you wanted to make it longer, you could use the following php code.

Code:

/* X = session time, in minutes */
session_cache_expire(X);

session_start();

For more info on sessions though, check php.net

Haara · **Posted:** Thu Oct 12, 2006 2:58 pm

Well, I was thinking about this site, and I don't think it is a good thing to medle with it. By two reasons...

1 I am not good at such things, meaning high risk something goes wrong

2 Wouldn't think it is appreciated to change such a thing

Anyway, I have a feeling that it is a bit more than five minutes here...

away · **Joined:** Tue Oct 07, 2003 10:00 pm

I think you forgot

3 I don't have the necessary access.

I could be wrong, but I don't think so... this ought to be a server side parameter. Scott, are you sure Haara can do this here?

Haara · **Posted:** Thu Oct 12, 2006 4:36 pm

Stefan Pochmann wrote:

I think you forgot

3 I don't have the necessary access.

Right on the spot, I just didn't thought of that when responding earlier...

Scott Bedard · **Posted:** Thu Oct 12, 2006 7:00 pm

No, Haara cant, only Sandy can. You'd need FTP access and a decent mind of PHP. Also some knowledge of the phpBB system couldn't hurt.

Bryan · **Posted:** Thu Oct 12, 2006 7:57 pm

Is there a reason you can't do the "Keep me logged in"? Or are you doing this from public terminals?

Also, shell access would be much better to develop than FTP, because you can easily check things from the command line that you can't from a web browser.

Haara · **Posted:** Thu Oct 12, 2006 11:59 pm

blogan wrote:

Is there a reason you can't do the "Keep me logged in"? Or are you doing this from public terminals?

Well, I can use that feature, but the point of the question wasn't to point out any problem I had or so, it was just a thing i liked to know...

perfredlund · **Joined:** Fri May 06, 2005 10:13 am **Location:** Norway

Hi

There is really only one good way to have eternal *sessions*. And that is to have no sessions at all. But i guess this issue is not really about sessions, not technically. The issue is about being authenticated persistently which is a slightly different thing.

There's 3 ways that i can think of right now for being authenticated over a period of time.

1 - store user authentication information in a server-side session
2 - store user authentication information in a server-side database (or file)
3 - use client-side cookies

Or some combination. Anything clientside is a bit controversial from a security perspective :wink:

Cheers!

-Per

Length of session

Who is online