[
https://issues.apache.org/jira/browse/ZETACOMP-81?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13033462#comment-13033462
]
Jérôme Renard commented on ZETACOMP-81:
---------------------------------------
Hi Philipp,
Here is what I propose :
we could add an ezcAuthenticationSessionOptions::idleTimeout attribute that
would be used to handle user inactivity.
This could be used in conjunction with
ezcAuthenticationSessionOptions::validity in the following way.
ezcAuthenticationSessionOptions::validity handles the global timeout for the
session, but if ezcAuthenticationSessionOptions::idleTimeout is isset (and
inferior to ezcAuthenticationSessionOptions::validity) then the system will
handle that attribute as well.
As an example here is how you could configure the session :
validity : 1 hour
idleTimeout : 10 minutes
You would get
$options = new ezcAuthenticationSessionOptions();
$options->validity = 3600;
$option->idleTimeout = 600;
That way is the user is inactive for more than 10 minutes, his session is
removed, if not his session is removed after 1h anyway.
What do you think ?
> Session timeout
> ---------------
>
> Key: ZETACOMP-81
> URL: https://issues.apache.org/jira/browse/ZETACOMP-81
> Project: Zeta Components
> Issue Type: Bug
> Components: Authentication
> Reporter: Philipp Kamps
>
> Not sure, but looks like the session timeout is strange. I have following
> code:
> $options = new ezcAuthenticationSessionOptions();
> $options->validity = 10;
> $session = new ezcAuthenticationSession( $options );
> I would expect a session timeout after 10 seconds __OF INACTIVITY__. But it
> looks like it's a total lifetime of 10 seconds, even when I'm active (
> constantly requesting more pages that start the session ).
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
