I'm not sure if it was a bug or a feature, but I know that with 1.0.7 you had to make a change to joomla.php so that users would be logged out when closing their browser window (it involved the name of the session cookie)
I know there have been changes in regards to session times with 1.0.8 and "remember me", but I've tested it and as far as my tests user sessions are still alive after the users closes the browsers and then opens a new browser and returns to the site...
it seems to me that "close browser window" should = end session...
Can anyone comment as to what is going on here?
thanks.
[NOT BUG] Question on Session timeout w/ 1.0.8
-
- Joomla! Apprentice
- Posts: 29
- Joined: Sat Sep 17, 2005 9:40 pm
[NOT BUG] Question on Session timeout w/ 1.0.8
Last edited by stingrey on Tue Mar 07, 2006 8:58 pm, edited 1 time in total.
- stingrey
- Joomla! Hero
- Posts: 2756
- Joined: Mon Aug 15, 2005 4:36 pm
- Location: Marikina, Metro Manila, Philippines
- Contact:
Re: Question on Session timeout w/ 1.0.8
This applies only for site vistors onlyswank wrote: I know there have been changes in regards to session times with 1.0.8 and "remember me", but I've tested it and as far as my tests user sessions are still alive after the users closes the browsers and then opens a new browser and returns to the site...
Closing the browser will kill the session cookie in your browser.
So that when you reopen the browser a new session cookie will be given to the browser.
However, closing the browser will not kill the session record in jos_session table. There is no way for a the browser closing action to send a message to the server to tell it to delete a record in the jos_session table.
What happens is the system will clear old sessions that are older than 900 seconds (ie 900 seconds of no other browsing on the site).
So yes it is temporarily possible to inflate your whos online count in this manner
Rey Gigataras
http://www.wizmediateam.com <-- great team of talented Web Designers and Programmers!
http://about.me/reygigataras <-- About Me
Partner, Business Development & Project Manager, Event Manager, Sports Coach
http://www.wizmediateam.com <-- great team of talented Web Designers and Programmers!
http://about.me/reygigataras <-- About Me
Partner, Business Development & Project Manager, Event Manager, Sports Coach
-
- Joomla! Apprentice
- Posts: 29
- Joined: Sat Sep 17, 2005 9:40 pm
Re: Question on Session timeout w/ 1.0.8
Thanks fr the reply stingrey...stingrey wrote:
This applies only for site vistors only
Closing the browser will kill the session cookie in your browser.
So that when you reopen the browser a new session cookie will be given to the browser.
Ok, I think what I am seeing is a differnece in how Mac vs. PC browsers handle windowing...
On the Mac, closing the browser window does not quit the application (and it seems your cookies are still alive). On the PC closing the window quits the Application and I see indeed the users is logged out.
Also on the the PC, it seems a browser that uses tabs (FireFox) shares cookies between the tabbed windows, and closing a tab will not clear the cookie...
If I have serveral PC IE windows open the cookie is shared and not killed until the all of the windows are closed (no matter what site they are on) - correct?
- stingrey
- Joomla! Hero
- Posts: 2756
- Joined: Mon Aug 15, 2005 4:36 pm
- Location: Marikina, Metro Manila, Philippines
- Contact:
Re: Question on Session timeout w/ 1.0.8
No idea on this one, not a Mac userswank wrote: On the Mac, closing the browser window does not quit the application (and it seems your cookies are still alive). On the PC closing the window quits the Application and I see indeed the users is logged out.
This is correct, the cookie will only be killed when all instances of firefox have been terminated from proccessesswank wrote: Also on the the PC, it seems a browser that uses tabs (FireFox) shares cookies between the tabbed windows, and closing a tab will not clear the cookie...
Most probably, though not totally sure.swank wrote: If I have serveral PC IE windows open the cookie is shared and not killed until the all of the windows are closed (no matter what site they are on) - correct?
Rey Gigataras
http://www.wizmediateam.com <-- great team of talented Web Designers and Programmers!
http://about.me/reygigataras <-- About Me
Partner, Business Development & Project Manager, Event Manager, Sports Coach
http://www.wizmediateam.com <-- great team of talented Web Designers and Programmers!
http://about.me/reygigataras <-- About Me
Partner, Business Development & Project Manager, Event Manager, Sports Coach
- Belini
- Joomla! Explorer
- Posts: 354
- Joined: Fri Nov 18, 2005 6:44 pm
Re: [NOT BUG] Question on Session timeout w/ 1.0.8
Hi,
It forgives for making over again the topic, but I found this in good hour.
Use joomla in our Intranet and to have access is necessary logon. Until there all good, but I have one link in the site that opens one popup where the necessary user to make another one logon to see information private.
There it is the problem, therefore what popup makes he is simply to call the proper Intranet passing with parameter the component login. As they must be thinking is obvious that joomla does not bring new form of logon, it asks if the current user wants to become detached itself, exactly because cookie is shared.
I made some tests and I noticed that if I open two to browser, from the work area, joomla sees two sections independent, that is, he allows logon with different users or equal (in my site he is possible) in each borwser.
The question is, as I makes to open one popup as a new section and not as a frame of current browser?
It forgives for making over again the topic, but I found this in good hour.
Use joomla in our Intranet and to have access is necessary logon. Until there all good, but I have one link in the site that opens one popup where the necessary user to make another one logon to see information private.
There it is the problem, therefore what popup makes he is simply to call the proper Intranet passing with parameter the component login. As they must be thinking is obvious that joomla does not bring new form of logon, it asks if the current user wants to become detached itself, exactly because cookie is shared.
I made some tests and I noticed that if I open two to browser, from the work area, joomla sees two sections independent, that is, he allows logon with different users or equal (in my site he is possible) in each borwser.
The question is, as I makes to open one popup as a new section and not as a frame of current browser?