
Session Time-out (user)

Started by Cees, January 13, 2004, 01:18:48 AM


Cees

I experienced that when closing my windows (IE) with Coppermine in it, surfing around, and returning to my album after a while (Coppermine of course) in another browser-window: I didn't need to log in.
I actually expected one of these situations to happen:
- either my session would have been timed-out, so am I able to configure a Session Length somewhere?
- besides I was surprised my log-in was still remembered in a different window

I'd like to fix this problem for I edit my album every now and then on a PC that is used by others as well. :wink:
For information: I did not enable "remember me" when entering my log-in info and yes, I did use the search of this forum but unfortunately could not find my answer.

Using:
Coppermine Photo Gallery: 1.2.1 / PHP version: 4.3.1 / mySQL version: 3.23.49-log

Cookies & Charset settings:  
Name of the cookie used by the script: cpg11d
Path of the cookie used by the script: /
Character encoding: Default (language file)

Joachim Müller

Coppermine doesn't use sessions, but relies on cookie-based login. If you haven't ticked the checkbox "Remember me" (which will keep the cookie's lifetime nearly eternal) then your login is valid for as long as your PC is powered on (or rather: as long as you're logged in with the same user when using a multi-user system like WinNT or better or anything Lunix'ish). Plain cookie technology, nothing unexpected here...
What do you want the behaviour to be?

GauGau

Cees

Quote from: "gaugau": What do you want the behaviour to be?
Most preferable would be behaviour like phpBB: an option to set a Session Length (which I understand is not (yet) supported by Coppermine) or even better: when opening a new browser window an obligatory re-login (though I do not know how to realise that). Resulting in a cookie that is only valid for the window it has been made/started in?

Currently, I just found out, even after rebooting the system (W2K), logging in the same user and browsing around some, my login is still remembered. Because these systems are used by several people with the same user-account, this is not quite the way I like it.

phpBB is running on the same server, no integrating of both however

hyperion

For a temporary fix, simply delete the browser's cookies when you are done working with your gallery.
"Then, Fletch," that bright creature said to him, and the voice was very kind, "let's begin with level flight . . . ."

-Richard Bach, Jonathan Livingston Seagull


dnulke

I would also like a timeout function. Either as long as the browser is running or, even better, a 20 minute inactivity timeout. I don't know if this is even possible with the cookie approach.
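
An added illustration, not part of the original post and not Coppermine code: one way a cookie-only login can enforce the 20 minute inactivity timeout asked about here is to put the last-activity time in the cookie and protect it with an HMAC, so the server decides expiry and the client cannot extend it. The function names, the `userId|lastActivity|hmac` layout, the key and the sample times are all assumptions made for this sketch.

```php
<?php
// Added example; every name here is hypothetical, not taken from Coppermine.
const IDLE_LIMIT = 20 * 60;   // 20 minute inactivity window, in seconds

// Build the cookie value: "userId|lastActivity|hmac".
function issue_token(int $userId, int $now, string $key): string
{
    $payload = $userId . '|' . $now;
    return $payload . '|' . hash_hmac('sha256', $payload, $key);
}

// Return the user id if the token is authentic and not idle-expired, else null.
function check_token(string $token, int $now, string $key): ?int
{
    $parts = explode('|', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return null;          // malformed cookie value
    }
    [$userId, $last, $mac] = $parts;
    $expected = hash_hmac('sha256', $userId . '|' . $last, $key);
    if (!hash_equals($expected, $mac)) {
        return null;          // user id or timestamp was edited client-side
    }
    $idle = $now - (int) $last;
    if ($idle < 0 || $idle > IDLE_LIMIT) {
        return null;          // idle too long, or timestamp lies in the future
    }
    return (int) $userId;
}

// Constructed demonstration values: a demo key and a login at time $t0.
$key   = 'constructed-demo-key';
$t0    = 1073953128;
$token = issue_token(42, $t0, $key);

// Request after 10 minutes of inactivity.
var_dump(check_token($token, $t0 + 600, $key));
// Request after 25 minutes of inactivity.
var_dump(check_token($token, $t0 + 1500, $key));
// Same late request, with the timestamp edited but the old MAC kept.
$forged = '42|' . ($t0 + 1400) . '|' . explode('|', $token)[2];
var_dump(check_token($forged, $t0 + 1500, $key));
```

On every accepted request the server would send a fresh token carrying the current time, as a cookie without an expiry date so the browser also drops it when it closes. A copied token still works until the idle window runs out, so an explicit logout remains necessary on shared machines.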

Cees

Quote from: "hyperion": simply delete the browser's cookies when you are done working with your gallery
That's an option, I see. But I think it's easier to remember myself somehow to log out when finished. Logging out is not the problem, only when forgetting so, others are able to edit the album in this particular situation on a public computer.
Therefore I think it's in terms of security good to fix, or create an option to fix, this situation.

Could someone pass this through for a Feature request?

Joachim Müller

moved thread to "feature requests" as per request.

GauGau

pogo

I agree with Cees, security is a big concern here as far as admin or public users forgetting to logout in public cafes. In result, this security hole can be valuable to intruders possibly thrashing out your entire gallery and delete users as long as cookies are not deleted from that particular computer. Implementing a timeout session length would definitely help in future release of CPG. Thanks for everything that you guys have done to make this great online gallery possible!

pogo

Joachim Müller

I don't see it that dramatically: "regular" users shouldn't have more rights than to modify their user gallery, so the only thing someone could do on a public computer where a Coppermine user has forgotten to log out is mess with the user's gallery. You (as gallery admin) should simply know what you're doing - if you must access the internet from another computer than your own, you'll definitely have to make sure nobody can use your "leftovers" on that computer to ruin your page.

Sessions may be a solution for some things, but it causes problems as well: if we don't come up with an option to switch sessions off, then it shouldn't go into mainstream coppermine code imo.

GauGau