[NOT BUG] Question on Session timeout w/ 1.0.8

[swank]

I'm not sure if it was a bug or a feature, but I know that with 1.0.7 you had to make a change to joomla.php so that users would be logged out when closing their browser window (it involved the name of the session cookie)

I know there have been changes in regards to session times with 1.0.8 and "remember me", but I've tested it and as far as my tests user sessions are still alive after the users closes the browsers and then opens a new browser and returns to the site...

it seems to me that "close browser window" should = end session...

Can anyone comment as to what is going on here?

thanks.

[stingrey]

I know there have been changes in regards to session times with 1.0.8 and "remember me", but I've tested it and as far as my tests user sessions are still alive after the users closes the browsers and then opens a new browser and returns to the site...

This applies only for site vistors only

Closing the browser will kill the session cookie in your browser.
So that when you reopen the browser a new session cookie will be given to the browser.

However, closing the browser will not kill the session record in jos_session table.  There is no way for a the browser closing action to send a message to the server to tell it to delete a record in the jos_session table.

What happens is the system will clear old sessions that are older than 900 seconds (ie 900 seconds of no other browsing on the site).

So yes it is temporarily possible to inflate your whos online count in this manner

[swank]

This applies only for site vistors only

Closing the browser will kill the session cookie in your browser.
So that when you reopen the browser a new session cookie will be given to the browser.

Thanks fr the reply stingrey...

Ok, I think what I am seeing is a differnece in how Mac vs. PC browsers handle windowing...

On the Mac, closing the browser window does not quit the application (and it seems your cookies are still alive). On the PC closing the window quits the Application and I see indeed the users is logged out.

Also on the the PC, it seems a browser that uses tabs (FireFox) shares cookies between the tabbed windows, and closing a tab will not clear the cookie...

If I have serveral PC IE windows open the cookie is shared and not killed until the all of the windows are closed (no matter what site they are on) - correct?

[stingrey]

On the Mac, closing the browser window does not quit the application (and it seems your cookies are still alive). On the PC closing the window quits the Application and I see indeed the users is logged out.

No idea on this one, not a Mac user

Also on the the PC, it seems a browser that uses tabs (FireFox) shares cookies between the tabbed windows, and closing a tab will not clear the cookie...

This is correct, the cookie will only be killed when all instances of firefox have been terminated from proccesses

If I have serveral PC IE windows open the cookie is shared and not killed until the all of the windows are closed (no matter what site they are on) - correct?

Most probably, though not totally sure.

[Belini]

Hi,

It forgives for making over again the topic, but I found this in good hour.

Use joomla in our Intranet and to have access is necessary logon. Until there all good, but I have one link in the site that opens one popup where the necessary user to make another one logon to see information private.

There it is the problem, therefore what popup makes he is simply to call the proper Intranet passing with parameter the component login. As they must be thinking is obvious that joomla does not bring new form of logon, it asks if the current user wants to become detached itself, exactly because cookie is shared.

I made some tests and I noticed that if I open two to browser, from the work area, joomla sees two sections independent, that is, he allows logon with different users or equal (in my site he is possible) in each borwser.

The question is, as I makes to open one popup as a new section and not as a frame of current browser?