I am using joomla 1.5.My login is with standar joomla module , I am having the request to automatically logoff users once thy close their browser, I dont know how Joomla handles the session or if is there any trick I can do to make this.. Thanks in advance
You could turn off cookies, I suppose - Check the Global Configuration.
For anyone else looking at this.
You can't clear a session when somebody closes the browser as the server doesn't know this has happened and the session data is stored on the server.
You can't disable cookies as then no one would be able to log in.
In global configuration you can set the session lifetime value to something like 15 minutes and if there is no activity in that period of time the user is automatically logged out.
Related
Let's suppose I'd opened two or more user sessions on two or more devices (same user with not admin privileges).
At the current session, if I log out, it means all others sessions will also close? If not, is there a way to do this by an URL request?
something like this:
User call a method, ex: [plone-site]/close-all-sessions-except-this;
Results on: all user sessions, opened on the others devices are closed.
Would be better if this method were native in plone.
gmail has this feature. I think it's an important security and privacy issue.
Not really sure what you are asking, but if you want to automatically logout all authenticated users (not only one user) you can:
Go to ZMI
Enter inside acl_users
Select the session plugin
In the "Invalidate all session identifiers" section click the "Clear secrets" button.
As you can read there:
By clicking the button below you clear all secrets used to validate
sessions. This will immediately log out all users who use session
authentication and require them to log in again.
That's a nice feature request, would you mind opening an issue? AFAIK Plone doesn't include that by default.
When you log out of one session Plone will close all sessions for that browser AND site URL, because the session is stored in a cookie set to site's domain. However Plone won't log you out from other browsers/devices, nor in the edge case you're accessing the site by IP, if that's available.
I've developed an app in laravel and sentry2 as ACL. Login occurs through SAML.
Whenever a user logs in from SAML is redirected to my app where I check server variables, and if credentials are correct I let him pass to the site with sentry.
My issue occurs when I try to log in with the same account in two different browsers. Looks like when I log in in the second browser the existing session in the other browser gets overrided.
I've found out this looking into sessions table:
http://pastebin.com/6iEnRkEs
Any ideas? Will appreciate your help on this very much.
Thanks a lot!
Pablo
EDIT:
The idea would be that the app work like gmail/fb that allows the user to be logged in both browsers at the same time.
It's correct the way it is.
Different browsers different sessions. This is a security feature/matter every single app should enforce.
If you log in a different browser how could Laravel tell if it's not a different person login in from a different computer in the same network? Log someone off in this case it's also the correct thing to do, because if some kind of exploit is happening, user will see something is wrong and, maybe, change his/her password.
Some (ie: banking) also do: different browser tabs, different sessions, but this is not the Laravel case.
I developed web application based on CakePHP 1.3 platform. Application uses Auth component, so only authenticated users can use it.
But some of the users have problem that application log them out for some of the time. Problem is that I can not find out why they are getting logged out, since I don't face that problem. Also tried to be loged in application for few hours, and I do not have those problems at all.
Just to mention that sessions are defined to be saved as 'cake' and security level as low, in core.php file:
Configure::write('Session.save', 'cake');
Configure::write('Security.level', 'low');
Also, they do not change ther IP address.
Can you give me some thoughts where can be a problem?
UPDATE: I need some of your thoughts... Can be a problem be caused by some of jQuery functions, that they kill some of the sessions or cookie values? Biggest issue here is that I can not simulate problems users have, because it works fine on my side... and only thing is to guess where problem is.........
They get logged out if their session expires. Take a look here to increase the time on the session http://php-freelancer.in/2009/11/30/cakephp-session-timeout-or-change-session-length-in-cakephp/
Edit: If security isn't that much of an issue, consider using cookies to remember the login.
I am working in ASP.net 3.5 C#. What i am trying to do is when Session_End event gets called, I want to update the logged in User's status in database that the current User has logged out by any means (Logged out manually, Session time out etc. It calls Session_End Event). The problem is i am not bale to maintain the UserID. I can't access Session variable as session has already expired cookies also dint work for me.
Please suggest a solution.
Thanks a lot
Regards
Vivek
Try pushing the UserID to ViewState, if you have a BasePage from which all your pages inherit or if you use MasterPage then it should be quite easy to push the UserID to viewstate on each page. Cookies should be alive beyond session life. Are you setting Expiry time to your cookie?
You should be able to access session variables in Session_End event. All data stored in a session are deleted after the Session_End event finished. But you should be careful, because sessions are created for all visitors. If you store UserID in a session then it can be null inside Session_End if someone viewed the login page, but did not log in. It is not recommended to set the session timeout to days, because these sessions may fill all server memory.
We have a CodeIgniter based SAAS application. Sessions are stored in the database.
We use this class as a replacement for CI sessions
With one specific customer ( same office, multiple users, same IP ), the session is getting reset or destroyed on a page refresh.
This has never happened before with any other users or from other location. I am not able to reproduce this issue.
Steps:
User Logs in & sees home Page.
User begins navigation by clicking some link
Session times out and they are prompted to login again
And this continues after each login.
Session expiration is set to 3000 s and time_reference is GMT and sess_time_to_update = 300 s.
Any help on how to go about investigating this issue will help.
This happens in IE , Chrome and therefore does not seem to be a browser issue.
This same set of users have never had this issue before.
check the size of the session cookie. maybe it is larger than the allowed size > 4096. I know it's a long shot, but try it out nevertheless.