[NOT BUG] Question on Session timeout w/ 1.0.8

Locked
swank
Joomla! Apprentice
Joomla! Apprentice
Posts: 29
Joined: Sat Sep 17, 2005 9:40 pm

[NOT BUG] Question on Session timeout w/ 1.0.8

Post by swank » Tue Mar 07, 2006 8:47 pm

I'm not sure if it was a bug or a feature, but I know that with 1.0.7 you had to make a change to joomla.php so that users would be logged out when closing their browser window (it involved the name of the session cookie)

I know there have been changes in regards to session times with 1.0.8 and "remember me", but I've tested it and as far as my tests user sessions are still alive after the users closes the browsers and then opens a new browser and returns to the site...

it seems to me that "close browser window" should = end session...

Can anyone comment as to what is going on here?

thanks.
Last edited by stingrey on Tue Mar 07, 2006 8:58 pm, edited 1 time in total.

User avatar
stingrey
Joomla! Hero
Joomla! Hero
Posts: 2756
Joined: Mon Aug 15, 2005 4:36 pm
Location: Marikina, Metro Manila, Philippines
Contact:

Re: Question on Session timeout w/ 1.0.8

Post by stingrey » Tue Mar 07, 2006 8:58 pm

swank wrote: I know there have been changes in regards to session times with 1.0.8 and "remember me", but I've tested it and as far as my tests user sessions are still alive after the users closes the browsers and then opens a new browser and returns to the site...
This applies only for site vistors only

Closing the browser will kill the session cookie in your browser.
So that when you reopen the browser a new session cookie will be given to the browser.

However, closing the browser will not kill the session record in jos_session table.  There is no way for a the browser closing action to send a message to the server to tell it to delete a record in the jos_session table.

What happens is the system will clear old sessions that are older than 900 seconds (ie 900 seconds of no other browsing on the site).

So yes it is temporarily possible to inflate your whos online count in this manner
Rey Gigataras
http://www.wizmediateam.com <-- great team of talented Web Designers and Programmers!
http://about.me/reygigataras <-- About Me :)
Partner, Business Development & Project Manager, Event Manager, Sports Coach :D

swank
Joomla! Apprentice
Joomla! Apprentice
Posts: 29
Joined: Sat Sep 17, 2005 9:40 pm

Re: Question on Session timeout w/ 1.0.8

Post by swank » Tue Mar 07, 2006 9:29 pm

stingrey wrote:
This applies only for site vistors only

Closing the browser will kill the session cookie in your browser.
So that when you reopen the browser a new session cookie will be given to the browser.
Thanks fr the reply stingrey...

Ok, I think what I am seeing is a differnece in how Mac vs. PC browsers handle windowing...

On the Mac, closing the browser window does not quit the application (and it seems your cookies are still alive). On the PC closing the window quits the Application and I see indeed the users is logged out.

Also on the the PC, it seems a browser that uses tabs (FireFox) shares cookies between the tabbed windows, and closing a tab will not clear the cookie...

If I have serveral PC IE windows open the cookie is shared and not killed until the all of the windows are closed (no matter what site they are on) - correct?

User avatar
stingrey
Joomla! Hero
Joomla! Hero
Posts: 2756
Joined: Mon Aug 15, 2005 4:36 pm
Location: Marikina, Metro Manila, Philippines
Contact:

Re: Question on Session timeout w/ 1.0.8

Post by stingrey » Tue Mar 07, 2006 9:43 pm

swank wrote: On the Mac, closing the browser window does not quit the application (and it seems your cookies are still alive). On the PC closing the window quits the Application and I see indeed the users is logged out.
No idea on this one, not a Mac user
swank wrote: Also on the the PC, it seems a browser that uses tabs (FireFox) shares cookies between the tabbed windows, and closing a tab will not clear the cookie...
This is correct, the cookie will only be killed when all instances of firefox have been terminated from proccesses
swank wrote: If I have serveral PC IE windows open the cookie is shared and not killed until the all of the windows are closed (no matter what site they are on) - correct?
Most probably, though not totally sure.
Rey Gigataras
http://www.wizmediateam.com <-- great team of talented Web Designers and Programmers!
http://about.me/reygigataras <-- About Me :)
Partner, Business Development & Project Manager, Event Manager, Sports Coach :D

User avatar
Belini
Joomla! Explorer
Joomla! Explorer
Posts: 345
Joined: Fri Nov 18, 2005 6:44 pm

Re: [NOT BUG] Question on Session timeout w/ 1.0.8

Post by Belini » Tue May 15, 2007 1:15 pm

Hi,

It forgives for making over again the topic, but I found this in good hour.

Use joomla in our Intranet and to have access is necessary logon. Until there all good, but I have one link in the site that opens one popup where the necessary user to make another one logon to see information private.

There it is the problem, therefore what popup makes he is simply to call the proper Intranet passing with parameter the component login. As they must be thinking is obvious that joomla does not bring new form of logon, it asks if the current user wants to become detached itself, exactly because cookie is shared.

I made some tests and I noticed that if I open two to browser, from the work area, joomla sees two sections independent, that is, he allows logon with different users or equal (in my site he is possible) in each borwser.

The question is, as I makes to open one popup as a new section and not as a frame of current browser?


Locked

Return to “Superseded Issues - Archive”