Control Panel Security: (3) Auto-Log Off

Locked
JasynL1977
Joomla! Apprentice
Joomla! Apprentice
Posts: 37
Joined: Thu Sep 06, 2007 5:14 pm

Control Panel Security: (3) Auto-Log Off

Post by JasynL1977 » Mon Mar 10, 2008 8:39 pm

It seems that the login is an easy target for attacks. I would strengthen security by incorporating the following:

3) When a user appears to be idle for awhile, a javascript alert would prompt the user to click a button to stay on the page; otherwise, the user would be logged out automatically. (Of course, this can be turned off, but at least it helps people who may forget to log out on a public computer.)

User avatar
Tonie
Joomla! Master
Joomla! Master
Posts: 16584
Joined: Thu Aug 18, 2005 7:13 am

Re: Control Panel Security: (3) Auto-Log Off

Post by Tonie » Mon Mar 10, 2008 8:45 pm

1.5 already has a session timeout value in Global Configuration --> System. By default, it's set to 60 minutes. Is this what you want?

JasynL1977
Joomla! Apprentice
Joomla! Apprentice
Posts: 37
Joined: Thu Sep 06, 2007 5:14 pm

Re: Control Panel Security: (3) Auto-Log Off

Post by JasynL1977 » Mon Mar 10, 2008 9:34 pm

No, this is different...

A message would appear, similar to the following:

"You have been inactive for awhile. For security purposes, you will be logged off, unless you press OK."

1) So, if the user does not appear to be online, it would automatically be redirected. It would be more secure, hiding the contents of the current page.

2) However, before the page is redirected, the end-user has the chance to keep the page from being redirected (in the event he or she was just typing a long article, for example), by clicking OK on a pop-up box. There would be a timer to give the user a chance to respond. This way, the user can prevent the site from logging out.

User avatar
Hackwar
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3783
Joined: Fri Sep 16, 2005 8:41 pm
Location: NRW - Germany
Contact:

Re: Control Panel Security: (3) Auto-Log Off

Post by Hackwar » Mon Mar 24, 2008 5:53 pm

We already have this feature. When a user is typing an article, the session is kept open, when the window is closed, the user is logged off after a few minutes. I'm moving this to denied, but if you still see this as an issue, please reply to this topic again and we will see what we can do.
god doesn't play dice with the universe. not after that drunken night with the devil where he lost classical mechanics in a game of craps.

Since the creation of the Internet, the Earth's rotation has been fueled, primarily, by the collective spinning of English teachers in their graves.


Locked

Return to “Not Accepted - Archived”