Replace KeepSessionOnBrowserClose functionality in favor of existing "Remember Me" functionality

2 views
Skip to first unread message

Alexander Obuhovich

unread,
Nov 5, 2009, 2:48:53 PM11/5/09
to in-por...@googlegroups.com
We have "Remember Me" functionality on Front-End, that keeps user logged in due 1 month. For administrative console we have configuration variable named KeepSessionOnBrowserClose (off by default), that keeps administrator logged in even after browser is closed and is opened again. I propose, that we remove KeepSessionOnBrowserClose configuration variable and related functionality and add "Remember Me" checkbox after "Save username on this computer" checkbox on login form for administrative console.

What you think about this? Is this needed at all? Is KeepSessionOnBrowserClose functionality needed?

--
Best Regards,

http://www.in-portal.org
http://www.alex-time.com

Alexander Obuhovich

unread,
Nov 9, 2009, 6:59:58 AM11/9/09
to in-por...@googlegroups.com
Also I've noticed, that KeepSessionOnBrowserClose functionality affects Front-End as well. I propose we set "sid" cookie expiration till browser is closed (default php session behavior) and when cookie is present (browser wasn't closed), but there were no user activity for 1 hour (configurable via administrative console already), then we assume, that's it is 100% session expiration and process it as usual (nothing on Front-End, special message in administrative console).

Alexander Obuhovich

unread,
Nov 9, 2009, 7:04:32 AM11/9/09
to in-por...@googlegroups.com
Another idea in that direction: move expired session deletion code to regular event/agent to be run after page is displayed. This will reduce page load for sites with many visitors/users.

Dmitry A.

unread,
Nov 12, 2009, 11:54:27 AM11/12/09
to In-Portal Development
Sorry for some delay with replying here.

1. Yes, I think we need to remove this "KeepSessionOnBrowserClose"
option since it's redundant. Remember me would do that job at least
suppose to do.

2. In regards refactoring the method and moving into the Agent - yes
it makes sense to me.


Do we have a task for this issue yet?


Cheers and talk soon!

Alexander Obuhovich

unread,
Nov 12, 2009, 12:36:40 PM11/12/09
to in-por...@googlegroups.com
No, please create one for me.
> --
>
> You received this message because you are subscribed to the Google Groups
> "In-Portal Development" group.
> To post to this group, send email to in-por...@googlegroups.com.
> To unsubscribe from this group, send email to
> in-portal-de...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/in-portal-dev?hl=.
>
>
>

--
Sent from my mobile device

Dmitry A.

unread,
Nov 22, 2009, 2:08:04 PM11/22/09
to In-Portal Development
Sounds good,

Two tasks were created:


1. 428: Remove deprecated "KeepSessionOnBrowserClose" variable and
code.

http://tracker.in-portal.org/view.php?id=428



2. 429: Move Deletion of "Expired Sessions" to Regular Event run as
Agent

http://tracker.in-portal.org/view.php?id=429



Cheers!

DA.

On Nov 12, 11:36 am, Alexander Obuhovich <aik.b...@gmail.com> wrote:
> No, please create one for me.
>
Reply all
Reply to author
Forward
0 new messages