On Thu, July 19, 2007 22:18, Ben Wilson wrote: > On 7/19/07, Christophe David <[EMAIL PROTECTED]> wrote: > [...] >> >> Any idea how to make an inactivity timeout that actually works ;-) ? > > I developed a system with an inactivity timeout. What you need to do > is track session data on the server side. Each time the user accesses, > you update his mtime. If the delta between his last mtime and current > access is greater than your limit (e.g. 600 seconds), then you force a > time out. You could probably also track his mtime in the cookie the > same way. >
Just follow-up for completeness: The above mentioned server-sidely enforcement is included in UserAuth2. You can set a maximum inactivity time and a maximum absolute session life time via the variables SDV($UA2SessionMaxInactivityTime, 2*60*60); // In seconds, default 2 hours. SDV($UA2SessionMaxLifeTime, 24*60*60); // In seconds, default 1 day. This is perfectly working, independently from browser honesty or clock. It is done by keeping record of times in the session array. ThomasP _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users