Limit Login Time

We're using the most recent version of Concrete5.

We have a section that is only limited to members with a login.

However, these users can log in once and then leave the site, come back later and not have to log in.

This causes an issue if another person uses their computer.

Is there a way to "close" their session after they've been idle for a certain amount of time, say 2 hours or something like that?

Or does their session stay open unless they log out?

mesuva replied:
I had a bit of a look at how sessions are handled.

Concrete5 uses a constant, SESSION_MAX_LIFETIME, to set the maxlifetime for a PHP session. However, it's perhaps more a PHP configuration thing rather than a concrete5 thing, as I think even if concrete5 tries to set the max lifetime, it will only do so if PHP is configured to allow it to change.

So you could try putting in your /config/site.php file:
define('SESSION_MAX_LIFETIME', 1000); // change the number to the number of seconds

I tried that and put a very small number, but couldn't get my session to timeout.
It could be that you need to set the PHP value session.gc_maxlifetime to something using a php.ini or .htaccess file; that's what concrete5 is trying to change.

This being said, I seem to find concrete5 stays logged in for very long times, and I can often check back to old sites that I've logged into and find that I'm still logged in. I think though that this is if I haven't fully closed my browser for a while - if you close your browser, the session will end.

Some ideas at least!
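
Added example, not part of the original thread or of concrete5's own code: session.gc_maxlifetime only marks session data as eligible for garbage collection, so an idle limit is more dependable when it is checked on every request. The constant names, the `started`/`last_seen` keys and the 12-hour absolute cap are assumptions, and the type declarations need PHP 7 or later.

```php
<?php
// Added example: enforce idle and absolute session limits in application code.
// IDLE_LIMIT, ABSOLUTE_LIMIT and the session keys are assumed names.
const IDLE_LIMIT = 2 * 60 * 60;      // 2 hours idle, as asked in the thread
const ABSOLUTE_LIMIT = 12 * 60 * 60; // assumed cap on total session age

/**
 * Returns true if the session is still valid at $now (and refreshes its
 * activity timestamp); returns false if it has to be terminated.
 */
function session_still_valid(array &$session, int $now): bool
{
    if (!isset($session['started'], $session['last_seen'])) {
        // First request of this session: start both clocks.
        $session['started'] = $now;
        $session['last_seen'] = $now;
        return true;
    }
    if ($now - $session['last_seen'] > IDLE_LIMIT) {
        return false; // idle for too long
    }
    if ($now - $session['started'] > ABSOLUTE_LIMIT) {
        return false; // too old, even if continuously active
    }
    $session['last_seen'] = $now; // sliding idle window
    return true;
}

/** Clears the session data, expires the session cookie, destroys the session. */
function destroy_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

if (PHP_SAPI === 'cli') {
    // Constructed timeline: offsets in seconds from an arbitrary start time.
    $session = [];
    $t0 = 1700000000;
    foreach ([0, 3600, 3600 + 7199, 3600 + 7199 + 7201] as $offset) {
        $ok = session_still_valid($session, $t0 + $offset);
        printf("t+%5ds: %s\n", $offset, $ok ? 'active' : 'expired');
    }
}
```

In a web request, call `session_still_valid($_SESSION, time())` right after the session starts and, when it returns false, log the user out through the site's own logout path or `destroy_session()`.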
MysteriousCleon replied:
jonghdesign replied:
Is there already a solution for this post? I would like to auto logout all users of the site (via dashboard) or via site.php define. The marketplace add-on does not support the C5.6 versions.
vishalsingh replied:
Add this code into your default and view.php

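// Log the user out once the stored deadline has passed; otherwise push the deadline forward.
if (isset($_SESSION['logintime']) && $_SESSION['logintime'] < time()) {
    $u = new User();
    $u->logout(); // end the concrete5 login; without this call the branch does nothing
} else {
    $_SESSION['logintime'] = time() + 1 * 60; // for one minute
}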