Z2Dave Posted September 28, 2010 Share Posted September 28, 2010 I have a problem with retained passwords for a CC3 application to be run by a charity. If you are browsing with FFX or IE6/7 or similar, once you have closed the page that was displaying admin you should of course have logged out. But if you haven't then anyone on the same browser/computer can, it seems, go back into admin without logging on. The system therefore is not fail safe and the 'committee' of this charity are demanding an automatic logout once the browser page is shut. I don't know whether I have explained it properly, however has anyone any ideas or am I doing something wrong Cheers Quote Link to comment Share on other sites More sharing options...
Guest Posted September 28, 2010 Share Posted September 28, 2010 Their is a logout link at the top of the admin page. They should click that before they close the window. The cookie will expire - not sure how long it does - but if they are concerned about it, just click on logout. Not sure if there is a way to automate it. Quote Link to comment Share on other sites More sharing options...
Z2Dave Posted September 28, 2010 Author Share Posted September 28, 2010 I agree with the link but what they are saying is that it is not a secure audit trail if someone forgets to log out. I think they are being over paranoid but they do have a point, and it's public money they are dealing with. Their is a logout link at the top of the admin page. They should click that before they close the window. The cookie will expire - not sure how long it does - but if they are concerned about it, just click on logout. Not sure if there is a way to automate it. Quote Link to comment Share on other sites More sharing options...
Guest fandango Posted September 28, 2010 Share Posted September 28, 2010 Hi Z2Dave, This may help: In the General Settings in the admin panel there is a session length setting in seconds (Max Session Length:) you could alter that to say 1800 that would give a half an hour session before being required to log in again, so if someone does forget to log out then its only the remainder of the 30 mins that the admin panel is live. Or alternative is to ensure that their browsers are set to clear recent history, clear cookies etc on close. Hope it helps. Fandango Quote Link to comment Share on other sites More sharing options...
Z2Dave Posted September 28, 2010 Author Share Posted September 28, 2010 Cheers on that. Sounds like an answer they will have to accept. Dave Hi Z2Dave, This may help: In the General Settings in the admin panel there is a session length setting in seconds (Max Session Length:) you could alter that to say 1800 that would give a half an hour session before being required to log in again, so if someone does forget to log out then its only the remainder of the 30 mins that the admin panel is live. Or alternative is to ensure that their browsers are set to clear recent history, clear cookies etc on close. Hope it helps. Fandango Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.