Hello dear SPIPers,
I am building a Webapp on top of SPIP, and was wondering how to increase the lifetime of a SPIP Session/Login.
Normally users get logged out if they don’t come back to the site for a few days. Is it possible to set the SPIP Session to live for example for the duration of 365 days?
I can make a field on the login for « stay logged in until I click logout » - but how can I guarantee that the SPIP sessions in /tmp live longer?
Warm regards!
Urs
Le 09/12/2020 à 09:41, Urs Riggenbach via spip-en a écrit :
I am building a Webapp on top of SPIP, and was wondering how to increase the lifetime of a SPIP Session/Login.
in mes_options.php :
define('_RENOUVELLE_ALEA', 400 * 3600);
increases session lifetime to about 2 weeks
JL
Great, thank you JLuc!
Hello,
I have a follow-up question when it comes to variable stored in PHP’s $_SESSION, and SPIP’s Visitor Session, and SPIP’s Auteurs Session.
For logged in users, we have spip_admin cookie, and this can be prolonged based on JLuc’s answer. Perfect!
For visitors, we have spip_session cookie. How is this prolonged?
Finally, variables saved in PHP’s $_SESSION variable can be affected with:
<?php
$lifetime=3600;
session_start();
setcookie(session_name(),session_id(),time()+$lifetime);
?>
The behaviour should be that on each page reload, the cookie is prolonged e.g. another 3600 seconds.
In theory the public visitor session is also impacted by _RENOUVELLE_ALEA. It worked at least in the 3.X branch since multiple years. Maybe it’s linked but I experienced a bug since my migration in SPIP 4.X, described here : #5719 - Problème avec le cookie de session depuis SPIP 4.X ? - spip - SPIP on GIT
Thank you RastaPopoulos.
Indeed we have noticed unexpected log-outs on our SPIP systems, so this seems to be another confirmation that there is some issue with the cookie/session management as you have described on the bug:
Kind regards,
Urs