Front end user session is not killed even after session timeout

Need help with the Administration of your Joomla! 3.x site? This is the spot for you.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
deit
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Wed Nov 06, 2019 10:50 am

Front end user session is not killed even after session timeout

Post by deit » Thu Nov 07, 2019 10:02 am

Hi

we have site on joomla 3.8.12

session time out is not working on front end logins.

need immediate support.

regards
Praveen

gws
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3941
Joined: Tue Aug 23, 2005 1:56 pm
Location: South coast, UK
Contact:

Re: Front end user session is not killed even after session timeout

Post by gws » Thu Nov 07, 2019 12:49 pm

https://forumpostassistant.github.io/docs/ Read carefully first.
Latest joomla is 3.9.13

waarnemer
Joomla! Hero
Joomla! Hero
Posts: 2341
Joined: Sun May 04, 2008 12:37 pm

Re: Front end user session is not killed even after session timeout

Post by waarnemer » Thu Nov 07, 2019 12:55 pm

For one you should upgrade/update to 3.9.latest version as soon as possible.
Second, see the https://forumpostassistant.github.io/docs/ it will help look for possible problems.

But for the session cookies, when in your site, in your browser hit F12 to open your debugger, go to tab application (chrome) or storage (firefox), look for the cookies involved.. it then shows an expiry.

Check that against your settings.

deit
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Wed Nov 06, 2019 10:50 am

Re: Front end user session is not killed even after session timeout

Post by deit » Fri Nov 08, 2019 5:29 am

@ gws & @ waarnemer --> Sir, thank you very much. I will attempt FPA, I am not well conversant with Joomla.

@ waarnemer --> Sir, thank you very much. I will try your advise now.

deit
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Wed Nov 06, 2019 10:50 am

Re: Front end user session is not killed even after session timeout

Post by deit » Fri Nov 08, 2019 6:00 am

@ gws & @ waarnemer --> Sir, I ran FPA and generated post. Pl guide me on further action.

@ waarnemer --> Sir, in the cookies in cache showing 4 cookies with information:

Name Value domain Path Expires/Max Age Size
SCPInfoMessage SCPInfoMessage dev.tstransco.in / 2019-11-08T08:40:24.000Z 28

cip_vvisitcounter MjIzLjMxLjE5Mi4xMzA%3D dev.tstransco.in / 2019-11-08T06:06:33.530Z 39

f9b6a367704c8783c4fdcb025ca150bd 8ap4mbahdu4shvvt68dn72bgb6 dev.tstransco.in / Session 58 ✓

login_state logged_in dev.tstransco.in / Session 20 ✓

waarnemer
Joomla! Hero
Joomla! Hero
Posts: 2341
Joined: Sun May 04, 2008 12:37 pm

Re: Front end user session is not killed even after session timeout

Post by waarnemer » Fri Nov 08, 2019 8:58 am

f9b6a367704c8783c4fdcb025ca150bd 8ap4mbahdu4shvvt68dn72bgb6 dev.tstransco.in / Session

is the one session

Expiry is end of session meaning that each hit, increments that time with the time set in the global configuration->system->session settings: session lifetime.

Default is 15 (minutes) so if you are not active after logging in, 15 minutes after, user is logged out.

Of course it can be set to something else...

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 26127
Joined: Mon Oct 27, 2008 9:27 pm
Location: Akershus, Norway

Re: Front end user session is not killed even after session timeout

Post by Per Yngve Berg » Fri Nov 08, 2019 12:14 pm

What version of php are you running?

With php 7.x I recommend switching session handler database->php.

A cron job should run on the server to clean out expired sessions.

PS. I cannot see you have posted any FPA report.

deit
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Wed Nov 06, 2019 10:50 am

Re: Front end user session is not killed even after session timeout

Post by deit » Mon Nov 11, 2019 9:24 am

@waarnemer --> Thank you very much for the help. I understood that. Session is not ended as per time set in global configuration.

@ Per Yngve Berg--> Yes we are on PHP 7.x. We changed session handler from DB to PHP. IT IS WORKING.

deit
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Wed Nov 06, 2019 10:50 am

Re: Front end user session is not killed even after session timeout

Post by deit » Mon Nov 11, 2019 9:26 am

Our website is under audit.

We have 2 issues pending:

(i) Server shall check for mime type & content type before accepting file upload.

(ii) CSRF shall be applied on all forms.

Can any one please help us on above 2 points.


Post Reply

Return to “Administration Joomla! 3.x”