On Thu, Jul 19, 2007 at 09:37:01AM +0200, Christophe David wrote: > >>Is there a way to force users to log on again after a specified time, > >>so that their access rights are not left forever (?) on a shared PC if > >>they do not logout ? > > > > # automatically log browser out after 15 minutes of inactivity > >ini_set('session.cookie_lifetime', time() + 15 * 60); > > On the server I tested (Windows 2003, Apache) > > ini_get('session.cookie_lifetime') returns nothing.
Interesting. It should probably have at least returned "0". Oh well. > In php.ini, it is set to 43200. Also interesting -- that must be some local default. This means that the session will last for 12 hours, or up to the value of session.gc_maxlifetime (defaults to 24 minutes). > As ini_get('session.cookie_lifetime') returns initially nothing, > wouldn't it be safer to include in the (farm)config.php) > ini_set('session.cookie_lifetime', time() +timeout); ? At any rate, there's a special-purpose session_set_cookie_params() function that seems to do exactly what you want. So, to automatically log out after 10 minutes, try (in local/(farm)config.php): session_set_cookie_params(10 * 60); Pm _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users