But the checked 'remember me' checkbox doesn't work.

On 22 Jun, 12:30, Sid Bachtiar <sid.bacht...@gmail.com> wrote:
> But I think there is a 'remember me' checkbox option that warns them about it.
>
> It is a dangerous arrangement, so you need to be very careful here.
>
>
>
> On Mon, Jun 22, 2009 at 10:25 PM, dziobacz<aaabbbcccda...@gmail.com> wrote:
>
> > But in 99% of forums the user is still logged on after the browser is
> > closed and reopened. For example here: http://www.dbforums.com/ So this
> > solution is normal and very popular.
>
> > I think I have found a solution:
>
> >  user:
> >    class: myUser
> >    param:
> >      timeout: 2592000
>
> >  storage:
> >    class: sfSessionStorage
> >    param:
> >      session_cookie_lifetime: 2592000
>
> > timeout and session_cookie_lifetime must be exactly the same because
> > Symfony takes the minimum of timeout and session_cookie_lifetime.
>
> > On 22 Jun, 12:09, Gareth McCumskey <gmccums...@gmail.com> wrote:
> >> Here's an example scenario. Your user goes to an Internet cafe. He logs
> >> into your web application and does what he wants to do then closes the
> >> browser (without logging out first) then walks out the door. If the
> >> session was not killed on browser exit then the next person that comes
> >> along and opens the browser and views the history or if the browser was
> >> set up to keep tabs open, they can then access your user's account.
>
> >> Work with the assumption that the browser exit will always kill the
> >> session. It is by far a better security arrangement.
>
> >> On Mon, Jun 22, 2009 at 11:45 AM, Sid Bachtiar <sid.bacht...@gmail.com> wrote:
>
> >> > Hi,
>
> >> > That's just how browsers are usually set up, to kill the session when closed.
>
> >> > The timeout is for if user has the browser window opened, but inactive
> >> > (e.g.: not making any request to server) for x amount of time.
>
> >> > You need to think about the security aspect when setting the timeout.
> >> > The longer the timeout, the more chance of your user forgetting to log
> >> > out and someone else using their account.
>
> >> > On Mon, Jun 22, 2009 at 8:59 PM, dziobacz<aaabbbcccda...@gmail.com> wrote:
>
> >> > > User should be logged in for 30 days = 2592000 seconds. In
> >> > > factories.yml I have:
> >> > > all:
> >> > >  user:
> >> > >    class: myUser
> >> > >    param:
> >> > >      timeout: 2592000
>
> >> > > But after the browser is closed the user is logged out and must log
> >> > > in again. Why? What should I do?
>
> >> > --
> >> > Blue Horn Ltd - System Development
> >> > http://bluehorn.co.nz
>
> >> --
> >> Gareth McCumskey
> >> http://garethmccumskey.blogspot.com
> >> twitter: @garethmcc
>
> --
> Blue Horn Ltd - System Development
> http://bluehorn.co.nz
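
A framework-neutral sketch of the opt-in 'remember me' approach mentioned in this thread, added here as an example (not code from the thread or from Symfony): the session cookie still ends with the browser, and only users who tick the box get a separate 30-day token. The function names, the in-memory `$store` array and the `selector:validator` cookie format are assumptions for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Added example: opt-in persistent login kept separate from the session.
// All names are hypothetical; $store stands in for a database table.

const REMEMBER_TTL = 2592000; // 30 days, the lifetime asked for in the thread

// Called after a successful login only when the 'remember me' box is ticked.
function issueRememberToken(array &$store, int $userId, int $now): string
{
    $selector  = bin2hex(random_bytes(12)); // public lookup key
    $validator = bin2hex(random_bytes(32)); // secret, only its hash is stored
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => $now + REMEMBER_TTL,
    ];
    return $selector . ':' . $validator;    // value to place in the cookie
}

// Called when a request has no live session but carries the cookie.
// Returns [userId, newCookieValue] on success, or null on any failure.
function redeemRememberToken(array &$store, string $cookie, int $now): ?array
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]); // single use: every attempt consumes the token
    if ($now > $row['expires']
        || !hash_equals($row['hash'], hash('sha256', $validator))) {
        return null;          // expired or wrong validator: fail closed
    }
    // Rotate: the caller sets the new value as an HttpOnly, Secure cookie.
    return [$row['user_id'], issueRememberToken($store, $row['user_id'], $now)];
}

// Constructed walk-through (timestamps and user id are made up).
$store  = [];
$now    = 1245666600;
$cookie = issueRememberToken($store, 42, $now);
[$uid, $next] = redeemRememberToken($store, $cookie, $now + 86400); // one day later
var_dump($uid);
var_dump(redeemRememberToken($store, $cookie, $now + 90000)); // replay of the used cookie
var_dump(redeemRememberToken($store, $next, $now + REMEMBER_TTL + 86401)); // past expiry
```

With this split, `session_cookie_lifetime` can stay at its browser-session default for users on shared machines, and deleting a user's rows from the store revokes their remembered logins server-side.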