[imp] next user resuming pre. user session......

[David Powicki]

> and 2.2.0 (production).  Using both versions with IE 5.5 on MACs/PCs
> > > > > > and Netscape 4.0/4.7 on MACs/PCs we have discovered that users can
> > > > > > resume previous users sessions if the 1st user CLOSES the browser
> > > > > > and does NOT log out.
> > > > >
> > > > > What do you have in horde/phplib/local.inc for $lifetime?
> > > >
> > > > We have $lifetime set to 30 minutes so we can timeout sessions.
> > >
> > > Aha! That's how long sessions will last, then. There are two sorts of
> > > cookies. Session cookies last until the browser is closed, and aren't
> > > written to disk; the other kind *are* written to disk and have an
> > > explicit expiry time that lives through browser restarts.
> >
> > Is it possible to do session timeouts with a session cookie, or any other
> > option  using 2.2 versions of IMP?
>
> With session cookies, the cookie lasts for the (browser) session; with
> non-session cookies, the cookie lasts for the period of time specified
> in $lifetime in local.inc.
>

Thanks for clearing that up.


> You can't do both.
>
> I've found it easier to teach users to close the browser than it is to
> teach them to go back to IMP from whatever webpage they might be on
> and logout, though -- if you can't teach your users to click logout,
> you might want to use session cookies just so that the "natural"
> behavior of closing the program functions as they might expect.
>

Ahhhh, user education....   It's amazing that it always comes down to that.  Now that I am more
clear about the behavior  I guess I can figure out what I want to do.   Both session termination
methods have there advantages.   I guess I'll ponder this one for a bit.....

Thanks again..

--

David Powicki     Network Analyst/Postmaster     OIT Network Services
Voice: 413.545.1605  Fax: 413.545.3203    University of Massachusetts
email: dpowicki@nic.umass.edu             Amherst, MA 01003-4640