Jump to content

time out login session


henryluiz

Recommended Posts

Hi,

Yep me....since i moved CC v4 to Centos v6.5 the login timeout for CCv4 users and admin has changed. Is there a way of disabling this timeout

Appreciate your help on this unsupported version of CC4. I am working on migrating to CC v6 but my client requires extra time before this can happen.

Link to comment
Share on other sites

According to what I see in the CC445 code, for the storefront, a session will last according to a setting in admin, General Settings, Styles and Misc group, Max Session Length.

For admin, it seems the session should stay open until the browser is closed.

Link to comment
Share on other sites

hi all,

thank you for the reply. I do not need more than 18 days but my client complains it logs off within 5 minutes. I cannot simulate this problem so the only way is to disable it.

I will set it to blank and see what happens

Where would the hosting company control the timing of login sessions

once again thank you for your help

Link to comment
Share on other sites

PHP manages "sessions". There are settings that control the behavior of how long to keep the "session file" associated with the cookie that CubeCart and the visitor's browser keeps sending back and forth. Those settings are called "garbage collection" and they can be set on a per-application basis. Cubecart does this.

However, with PHP, the server administrator can force these values and deny the application the ability to change it. I am not aware of any hosting provider that would do this.

You say the session is lost after five minutes. It would help you to troubleshoot if you could monitor the cookie over that period of time. The cookie value is stored in the database, and is also associated with the PHP session file (which you may or may not have access to).

Link to comment
Share on other sites

Hi, i have full access to my hosting server. Looking at my php.ini the following are set

session.gc_maxlifetime = 0

session.cookie_lifetime = 0

The site is still logging out in 3- minutes

Also it is only happening to my CC v4. I have 2 other Cc v6 sites on the same host with no issues

Appreciate your help

Link to comment
Share on other sites

Somewhere in CC4's admin is Server Info. It will show the current PHP settings that CubeCart is running under.

In the "Session" table, there is a 'local' and a 'master' value column.

This PHP page explains what these values mean.

I am going to say that CC4 does not change what is available from the Master column.

I will also say that gc_maxlifetime at 0 is wrong.

Link to comment
Share on other sites

Hi,

 

I have the attached in ccv4 sessions table....timestart timelast  ...may be a clue, but I do not know what these values are...see attached

 

an idea

Capture.png

I also notice that something clears the entries in the sessions table. when this happens the user get log off

Link to comment
Share on other sites

I think it is controlled in the classes/session/cc_session.php file at

function destroySession($sessionId) {
  
  ## removed to keep basket data
  $this->set_cc_cookie(CC_SESSION_NAME, '', time()-3600);
  $this->set_cc_cookie('username', '', time()-3600);
  $this->set_cc_cookie('password', '', time()-3600);
  
  $data["customer_id"] = '0';
  $update = $this->db->update($this->glob['dbprefix']."CubeCart_sessions", $data,"sessId=".$this->db->mySQLSafe($GLOBALS[CC_SESSION_NAME]));
  return ($update) ? true : false;

 

I do not know enough on coding. is there a way to disable the destroy session function

cc_session.php

Edited by henryluiz
upload copy of sessions file
Link to comment
Share on other sites

CubeCart destroys sessions when the customer or admin actually logs out. I would recommend against not being able to log out.

The timeStart is when the session first logged in, and the timeLast is when the most recent page request was made. For every page request, CubeCart is supposed to send back the same cookie with a new expiration date/time that is for the customer according to that setting in admin, and for the admin, no expiration as the cookie is considered a "session" cookie (the browser keeps it alive until the browser is closed).

Customer #255 has made their most recent page request 261 seconds.after logging in.

When rows in the sessions table get deleted, CubeCart is clearing out obsolete entries. There is a function in cc_session.php, deleteOldSessions(), that takes the time duration set in admin, subtracts it from now to get some past date, then deletes all records where timeLast is less than that past date. Thus, having zero as that admin setting will cause quite a bit of confusing session behavior.

Link to comment
Share on other sites

The best way forward would be to make a detailed list (if you dont already have it) of all customisation that was done and firstly determine whether your client actually still really needs each point !  You will be surprised at how much will be a standard part of CubeCart already, wont actually be required by the client any longer or will be provided by a plugin already written - check https://www.cubecart.com/extensions as a starting point although not all written plugins are listed here but a lot are.

After that, if you have some functionality that your client absolutely needs and isnt already provided by a plugin do not be tempted to go down the quick fix route of modifying core code, there are several developers of plugins (including us) that might be interested in developing a plugin for your requirements

Ian

Link to comment
Share on other sites

6 minutes ago, henryluiz said:

I have documented the changes and will be asking the client for sign-off acceptance.

....what would be the best way to start communications......through the forum or another way

That is a great start - you can contact me via a PM on here or better still via our website https://www.havenswift-hosting.co.uk and look forward to hearing from you

Ian

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...