[horde] session timeout help

Jan Schneider jan at horde.org
Thu Oct 7 13:27:33 UTC 2010 

Zitat von Zach Phillippe <zphil at okcareertech.org>:

> Jan Schneider <jan at horde.org>Thu 30 Sep 2010 10:29:25 AM CDT
>
>> Please don't top-post.
>>
>> Zitat von Zach Phillippe <zphil at okcareertech.org>:
>>
>>> Jan Schneider <jan at horde.org>Wed 29 Sep 2010 04:28:46 PM CDT
>>>
>>>> Zitat von Zach Phillippe <zphil at okcareertech.org>:
>>>>
>>>>>
>>>>>
>>>>> We are currently storing session information in mysql, and can see
>>>>> that it is updating as user remains active.
>>>>>
>>>>> However, we have set session timeout to 300 secs in the Horde conf,
>>>>> and it certainly times out at 300 seconds, disregarding the user's
>>>>> activity.
>>>>>
>>>>> We would like to know if an activity based timeout is possible. Can
>>>>> a user be timed out only after 300 second of inactivity?
>>>>
>>>> That's how it should work. Is the session_lastmodified field being
>>>> updated while the user is active? Are you sure that the session times
>>>> out, and not the session cookie?
>>>
>>>
>>> Thank you for your response.
>>>
>>> Yes, the session_lastmodified field is being updated while the user
>>> is active, and if I switch to php/file based sessions; the session
>>> file is also updated while user is being active. I examined the
>>> cookie expiration in the browser and noticed it was not being
>>> updated, any ideas as to what causes this?
>>
>> Did you set a cookie timeout in the session settings of the horde
>> configuration? Did you read the documentation for this setting?
>>
>> Jan.
>>
>> --
>> Do you need professional PHP or Horde consulting?
>> http://horde.org/consulting/
>>
>> --
>> Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>
>
> Yes, here are some settings I used:
>
> $conf['session']['name'] = 'Horde';
> $conf['session']['use_only_cookies'] = true;
> $conf['session']['cache_limiter'] = 'nocache';
> $conf['session']['timeout'] = 300;
>
> # The cookie is being set in the browser with a 300 expiration, but  
> not updated #with an expiration time when they are active. Should  
> the setting be:
> #$conf['session']['timeout'] = time() + 300;? or is there a specific  
> #['cookie'['timeout']= variable?
>
> $conf['cookie']['domain'] = '.mydomain.org';
> #$conf['cookie']['domain'] = $_SERVER['SERVER_NAME']; //also try  
> this but current trying above variant.
>
> $conf['cookie']['path'] = '/horde';
> #$conf['cookie']['path'] = '/';//also tried this but using above as  
> well in this case.
>
> To summarize, sessions are being created in the mysql db and they  
> are updated as users are active. When a user logins in, a session  
> cookie is created with an expiration time, per the setting in the  
> conf.php ie $conf['session']['timeout'] = 300;. However the users  
> cookie never gets updated beyond that via activity. So they time out  
> exactly after 5 mins after logining, ignoring the fact they are  
> active.

There are several cookies being sent by Horde/PHP. Is the timeout for  
any of those being updated? Which ones? If it's really the session  
cookie (usually the "Horde" cookie), then this is done by PHP, and the  
error has to be looked for there.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/

More information about the horde mailing list