[imp] next user resuming pre. user session......

Rich Lafferty rich@horde.org
Wed, 1 Nov 2000 15:45:57 -0500


On Wed, Nov 01, 2000 at 03:36:02PM -0500, David A Powicki (dpowicki@oit.umass.edu) wrote:
> 
> > On Wed, Nov 01, 2000 at 03:26:07PM -0500, David A Powicki (dpowicki@oit.umass.edu) wrote:
> > > 
> > > > > and 2.2.0 (production).  Using both versions with IE 5.5 on MACs/PCs
> > > > > and Netscape 4.0/4.7 on MACs/PCs we have discovered that users can
> > > > > resume previous users sessions if the 1st user CLOSES the browser
> > > > > and does NOT log out.
> > > >
> > > > What do you have in horde/phplib/local.inc for $lifetime?
> > >  
> > > We have $lifetime set to 30 minutes so we can timeout sessions.
> > 
> > Aha! That's how long sessions will last, then. There are two sorts of
> > cookies. Session cookies last until the browser is closed, and aren't
> > written to disk; the other kind *are* written to disk and have an
> > explicit expiry time that lives through browser restarts.
> 
> Is it possible to do session timeouts with a session cookie, or any other
> option  using 2.2 versions of IMP? 

With session cookies, the cookie lasts for the (browser) session; with
non-session cookies, the cookie lasts for the period of time specified
in $lifetime in local.inc.

You can't do both.

I've found it easier to teach users to close the browser than it is to
teach them to go back to IMP from whatever webpage they might be on
and logout, though -- if you can't teach your users to click logout,
you might want to use session cookies just so that the "natural"
behavior of closing the program functions as they might expect.

   -Rich

-- 
------------------------------ Rich Lafferty ---------------------------
 Sysadmin/Programmer, Instructional and Information Technology Services
   Concordia University, Montreal, QC                 (514) 848-7625
------------------------- rich@alcor.concordia.ca ----------------------