User on frontend not logged out after Session Lifetime expires #11756
Comments
|
How are you determining the user is still logged in on the front end? I just did a test (after setting lifetime to 5 as I am not patient) and in the backend it reports that the front end user is not logged in This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/11756. |
|
Confirmed:
|
|
But can you do anything?
|
|
If you're on a page with a keepalive behavior that would cause it. IIRC On Tuesday, August 23, 2016, bertmert notifications@github.com wrote:
|
|
@brianteeman @mbabker |
|
When the page loads, view its source. Check if you see something similar to this in the window.setInterval(function(){var r;try{r=window.XMLHttpRequest?new XMLHttpRequest():new ActiveXObject("Microsoft.XMLHTTP")}catch(e){}if(r){r.open("GET","/index.php?option=com_ajax&format=json",true);r.send(null)}},840000);If you do, that means something has triggered a keepalive behavior. What it does is send AJAX request behind the scenes to basically refresh the session to keep it from expiring. So when you have that snippet on your page, it is expected behavior that the session doesn't expire because there's a script running in the background to keep it from expiring. |
|
Thank you. @BurtNL (When things become routine one forgets why setting it for years in any form ;-) ) |
ghost
mentioned this issue
|
Closing this as expected behaviour |
|
Joomla 3.6.5 Version I have the same Problem with joomla Session. It works fine between 1 and 5 Minutes. Above 5 Minutes it works only for backend. Wenn i setup session time under 6 minutes all works fine. But 5 minutes is little time for an Admin. |
It seems to me that logged in users on the frontend of a website are not automatically logged out after they have been idle for more than the Session Lifetime set in Global Configuration > System.
In my case it is set to 15 minutes. When I am logged in at the website and do nothing for more than 15 minutes the session doesn't expire, even after 30 minutes I am still logged in and can do things, like change Profile settings.
I see this behaviour in the current 3.6.2 and in 3.6.3-dev.
Steps to reproduce the issue
Install a fresh 3.6.3-dev, set Session Lifetime to 15 minutes.
Create a useraccount and login at the frontend of the website.
Take a break and come back after more than 15 mintues (of whatever is set in Session Lifetime).
Check if you are still logged in, which should not be the case.
Expected result
The session should have expired and the user should login again.
Actual result
The session doesn't seem to expire and the user is still logged in.
System information (as much as possible)
Joomla 3.6.2 on WAMP (local test)
Joomla 3.6.3-dev on WAMP (local test)
Additional comments
Although the user on the frontend is still logged in the administrator in the backend is logged out after those 15 minutes. So for the backend it seems to work properly.
I hope I didn't miss an ordinary setting somewhere or overlooked a setting.
The text was updated successfully, but these errors were encountered: