Auto logout broken?

Hi folks,

I’m currently evaluating Gibbon v17 and I was wondering why auto logout doesn’t work anymore.

In v12 a window used to show up, warning the user, that the session is about to expire. The user could then either click “Logout Out Now” or “Stay Connected”. If ignored, the user was logged out a few minutes later.

Can you reproduce this in v17?

Kind regards,
Roman

Comments

  • Hi Roman,

    This is interesting, can’t say that I had noticed it working or not working recently :sweat_smile: I’m just off for CNY break this next week and don’t have a laptop with me (the sign of a good break!), I’ll check it out when I’m back.

    Thanks!
    meierromadmin
  • Hi Roman,

    I've looked into this and the auto-logout appears to be working as expected (tested v17 and v18). If you tend to use multiple tabs, what you could be seeing is the auto-logout box pops up in the background in a different tab, and when not clicked will end the session for all tabs (appearing to log you out without warning). At some point I may look at the script and make it more tab-friendly.

    Otherwise, it could be something specific to wamp or your system. One way to test it's working is to look for line 215 in index.php and add $sessionDuration = 10;. Then log out and back in, and you should see the popup every 10 seconds (just don't test this on production :lol:)
  • Hi Sandra,

    False alarm!

    I simply forgot that by default Gibbon is set to have a rather long sessionDuration of 20 minutes, which we significantly reduced in our hacked version for security reasons.

    Using your hint showed that it’s working perfectly.

    Sorry for that!

    Kind regards,
    Roman
    admin
  • Hi Roman, thanks for clarifying! To me 20 minutes seems like a reasonable session duration, but then at my school we don't share any computers, and so perhaps that is a factor in my thinking. Out of interest, what would you suggest a reasonable length of time to be? Thanks! Ross.
  • Hi Ross,

    We do have a few teachers using personal devices but most use shared computers in the computer lab, library, admin office or teachers room.

    Especially when we introduced Gibbon I noticed that security issue with teachers forgetting to logout. It has improved since.

    Anyway, I decided to set the session duration to 5 minutes. Maybe a lower value like 2 minutes would be even better.

    I think it would make sense to allow such changes in the settings though. Currently there is a minimal constraint, which doesn't make sense for our setup.

    Kind regards,
    Roman
  • @admin @meierrom Sounds like a fair use-case for shared computers. We could perhaps keep the default, but lower the minimum value validation in System Setting to 5 minutes?
    adminmeierrom
Sign In or Register to comment.