Jump to content

How to Turn OFF Admin Timeout?


Dirty Butter

Recommended Posts

  • 2 weeks later...

I searched through the bug reports and finally found the file that controls this: classes/session.class.php

Until someone can help me with a better way I did this:

//Set the lifetime to 30 minutes

//I set it to 12 hours

		ini_set('session.gc_maxlifetime', 43200);

I know that's not a good way to do it, but it seems to be working for now. As the day goes by we'll see.

It needs an if..else so it keeps the admin logged in, but times out a viewer who has left the page open for an extended time. It may well be that that code is in there somewhere already and just needs tweaking.

Link to comment
Share on other sites

  • 2 months later...

I searched through the bug reports and finally found the file that controls this: classes/session.class.php

Until someone can help me with a better way I did this:

//Set the lifetime to 30 minutes

//I set it to 12 hours

		ini_set('session.gc_maxlifetime', 43200);

I know that's not a good way to do it, but it seems to be working for now. As the day goes by we'll see.

It needs an if..else so it keeps the admin logged in, but times out a viewer who has left the page open for an extended time. It may well be that that code is in there somewhere already and just needs tweaking.

I was concerned about prolonged customer sessions getting orders mixed up, as I'd seen bug reports dealing with that. So I put this back to the default. But it really does need a way to keep the ADMIN logged in indefinitely, while using a short session length for customers.

Link to comment
Share on other sites

Would you please try this:

In the file \classes\session.class.php, at around line 55, change to:

$this->_session_timeout = (ADMIN_CP) ? 60 * 60 * 24 : 60 * 60 * 1;

This uses the constant that is set depending whether one visits the admin.php (true - wanting to go to the admin screens or login as an admin) or index.php (false - visitor at the store). If an admin, then a login session will expire after 24 hours of inactivity(*). Otherwise, a session is just an hour of inactivity(*).

(*)This is assuming the cause of premature loss of session control is analyzed, found, and fixed.

Also, this may take one or more log-out and log-in cycles to take effect.

Link to comment
Share on other sites

Would you please try this:

In the file \classes\session.class.php, at around line 55, change to:

$this->_session_timeout = (ADMIN_CP) ? 60 * 60 * 24 : 60 * 60 * 1;

This uses the constant that is set depending whether one visits the admin.php (true - wanting to go to the admin screens or login as an admin) or index.php (false - visitor at the store). If an admin, then a login session will expire after 24 hours of inactivity(*). Otherwise, a session is just an hour of inactivity(*).

(*)This is assuming the cause of premature loss of session control is analyzed, found, and fixed.

Also, this may take one or more log-out and log-in cycles to take effect.

I logged in and out 6 times, but Admin still times out quickly for me. But I'm having major session problems right now. I'm probably not a good test of your code.

Link to comment
Share on other sites

Hi bsmither

Just found your post as I have been having the same problem with being logged out every few minutes.

I made your suggested changes and went through a full half hour session, with tea break, without getting logged out.

I hope it now stays that way

Many thanks

Link to comment
Share on other sites

  • 2 weeks later...
Guest yorky7557

Would you please try this: In the file classessession.class.php, at around line 55, change to: $this->_session_timeout = (ADMIN_CP) ? 60 * 60 * 24 : 60 * 60 * 1; This uses the constant that is set depending whether one visits the admin.php (true - wanting to go to the admin screens or login as an admin) or index.php (false - visitor at the store). If an admin, then a login session will expire after 24 hours of inactivity(*). Otherwise, a session is just an hour of inactivity(*). (*)This is assuming the cause of premature loss of session control is analyzed, found, and fixed. Also, this may take one or more log-out and log-in cycles to take effect.

Implemented this code change today and looks like a winner to me! Many thanks for the snippet. Cheers

Yorky

Link to comment
Share on other sites

  • 4 weeks later...
Guest Dazmanjunket

Okay this change in session.class.php

Is it replacing this as this is what I found around line 55?

//Set the lifetime to 30 minutes

ini_set('session.gc_maxlifetime', 1800) <----- Is it replacing line or being added before or after this line?

As you are saying change:

"In the file classessession.class.php, at around line 55, change to:

$this->_session_timeout = (ADMIN_CP) ? 60 * 60 * 24 : 60 * 60 * 1;"

Regards

Dazman

Link to comment
Share on other sites

  • 1 year later...

In sessions.class.php, find:

 

if (session_id()) {
  session_unset();
  session_destroy();
  $_SESSION = array();
}

 

After that, add:

 

/**
 * Session time out
 * Change the last number of each group to the number of hours, admin : customer
 */
$this->_session_timeout = (ADMIN_CP) ? 60 * 60 * 168 : 60 * 60 * 168; // 7 days
 

 

This does work, but there is a caveat. There is a lot of discussion (most of it badly expressed) about PHP's garbage collection.

 

Garbage Collection is, in a sense, the dropping of sessions that, according to PHP's configuration, are past their expected lifetime. This is not the same as a cookie lifetime, which is what the above added code sets.

 

Without getting into the nuts and bolts of it, the garbage collection happens every time PHP runs, and there is a gamble of any session getting deleted. However, there isn't that much to worry about as the algorithm is very understanding of the need to keep sessions in the queue that need to be in the queue.

 

So, aside from a bad security token, the odds of have a session destroyed without merit is extremely low.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...