Replace KeepSessionOnBrowserClose functionality in favor of existing "Remember Me" functionality
2 views
Skip to first unread message
Alexander Obuhovich
unread,
Nov 5, 2009, 2:48:53 PM11/5/09
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to in-por...@googlegroups.com
We have "Remember Me" functionality on Front-End, that keeps user logged in due 1 month. For administrative console we have configuration variable named KeepSessionOnBrowserClose (off by default), that keeps administrator logged in even after browser is closed and is opened again. I propose, that we remove KeepSessionOnBrowserClose configuration variable and related functionality and add "Remember Me" checkbox after "Save username on this computer" checkbox on login form for administrative console.
What you think about this? Is this needed at all? Is KeepSessionOnBrowserClose functionality needed?
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to in-por...@googlegroups.com
Also I've noticed, that KeepSessionOnBrowserClose functionality affects Front-End as well. I propose we set "sid" cookie expiration till browser is closed (default php session behavior) and when cookie is present (browser wasn't closed), but there were no user activity for 1 hour (configurable via administrative console already), then we assume, that's it is 100% session expiration and process it as usual (nothing on Front-End, special message in administrative console).
Alexander Obuhovich
unread,
Nov 9, 2009, 7:04:32 AM11/9/09
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to in-por...@googlegroups.com
Another idea in that direction: move expired session deletion code to regular event/agent to be run after page is displayed. This will reduce page load for sites with many visitors/users.
Dmitry A.
unread,
Nov 12, 2009, 11:54:27 AM11/12/09
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to In-Portal Development
Sorry for some delay with replying here.
1. Yes, I think we need to remove this "KeepSessionOnBrowserClose"
option since it's redundant. Remember me would do that job at least
suppose to do.
2. In regards refactoring the method and moving into the Agent - yes
it makes sense to me.
Do we have a task for this issue yet?
Cheers and talk soon!
Alexander Obuhovich
unread,
Nov 12, 2009, 12:36:40 PM11/12/09
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message