I wanted to disable user auto timeout session for joomla (I am using joomla 1.5), so the user login to my site will stay forever without being kicked out by auto timeout. How to achieve that? Please help.
Thank you.
It's a setting in the login module. If you enable the "Remember Me" option, users will not be logged out unless they click the logout button. You can also modify the form so that the Remember Me option is a hidden field rather than a checkbox to default all users to stay logged in all the time.
Related
Let's suppose I'd opened two or more user sessions on two or more devices (same user with not admin privileges).
At the current session, if I log out, it means all others sessions will also close? If not, is there a way to do this by an URL request?
something like this:
User call a method, ex: [plone-site]/close-all-sessions-except-this;
Results on: all user sessions, opened on the others devices are closed.
Would be better if this method were native in plone.
gmail has this feature. I think it's an important security and privacy issue.
Not really sure what you are asking, but if you want to automatically logout all authenticated users (not only one user) you can:
Go to ZMI
Enter inside acl_users
Select the session plugin
In the "Invalidate all session identifiers" section click the "Clear secrets" button.
As you can read there:
By clicking the button below you clear all secrets used to validate
sessions. This will immediately log out all users who use session
authentication and require them to log in again.
That's a nice feature request, would you mind opening an issue? AFAIK Plone doesn't include that by default.
When you log out of one session Plone will close all sessions for that browser AND site URL, because the session is stored in a cookie set to site's domain. However Plone won't log you out from other browsers/devices, nor in the edge case you're accessing the site by IP, if that's available.
I've set a Joomla site password policy via users > options.
If I add a new user via the backend and try to set an insecure password, the policy seems to work and I get the appropriate error message.
If the user logs in, goes to their profile and changes their password, the password policy is still enforced.
However, if the user goes to the login screen, chooses 'Forgot your password' they are able to choose a new password which doesn't pass the policy.
I'm using the default Joomla login and registration extensions and as far as I can see, there's nothing else that could be causeing a conflict.
Does anyone have some suggestions on where to look?
EDIT
Site is using Joomla! 3.3.6 Stable, which is currently the latest version of Joomla
Thanks a lot!
Am using struts2 to create login and logout functionality, when user login i will create the session for him,by using interceptor i will filter all users if they are in session or not if the session not created i will redirect the page to login........my problem is once i done logout that will redirect to the login page but when user click browser back button the page will get refreshed and again that will login ,,,,,,could anybody help me out from this problem
Thanks in advance
When you click "<-" button on browser the browser renders the page from its cache. So server does not know if you have click back button. In your case when user clicks back button, page is loaded from cache but it does not mean that session is again created for that user as logged in. When user will click on any authorized link on that page, your server side code will check that user has no valid session and login page will be returned.
Solution: However if you do not want user to get cached page then you can load a script say checkLogin.js for every page in your site. This script should be executed on load event of the pages. When user logs out, set a variable in cookie indicating that user has logged out. When user clicks back button then that script will be executed. That script will check, using the mentioned cookie variable, if user has logged out. If user had logged out then redirect to login page using javascript.
To avoid that refreshing i have redirect my page to menu after loginsuccess not forward i have escaped from that ghost problem
use like this in ur struts.xml
<result name= success" type="redirect">Menu.jsp</result>
thanks for all
In my website i want to implement the functionality of re-login after the page sits idle for some time. I mean when user opens the page and left the page for some time and doing some other work. when the user comes again i need to again ask the credentials of the user. How can it be done.
Your have to check session on all pages or other options is use Asp.net Membership
I am using joomla 1.5.My login is with standar joomla module , I am having the request to automatically logoff users once thy close their browser, I dont know how Joomla handles the session or if is there any trick I can do to make this.. Thanks in advance
You could turn off cookies, I suppose - Check the Global Configuration.
For anyone else looking at this.
You can't clear a session when somebody closes the browser as the server doesn't know this has happened and the session data is stored on the server.
You can't disable cookies as then no one would be able to log in.
In global configuration you can set the session lifetime value to something like 15 minutes and if there is no activity in that period of time the user is automatically logged out.