Page 1 of 1
[SOLVED] FrontEndUsers - Session remains open when closing browser
Posted: Fri Oct 05, 2007 7:07 pm
by richbothe
I have CMSMS 1.0.6 with FEU 1.2.0 installed. Everything seems to be working out really good so far, but with one exception.
When a user is logged in and they close their browser instead of logging out, then reopen their browser and log back in the message "This user is already logged in" appears on the FEU Login form, but they no longer have access to the custom content or logout form.
Shouldn't closing the browser end the sessions?
Thanks,
Rich
Re: FrontEndUsers - Session remains open when closing browser
Posted: Fri Oct 05, 2007 7:17 pm
by calguy1000
FEU keeps the sessionid in the database until a timeout period occurs... or the user logs out. there's no way of notifying the website that somebody has closed the browser window, hence the reason for the timeout.
Re: FrontEndUsers - Session remains open when closing browser
Posted: Wed Oct 10, 2007 6:59 pm
by richbothe
Ah that makes sense! Where can I modify the timeout setting? Also, is there a way I can add an alert to notify users that they must logout of the site rather than just closing their browser? I think I can do this using Javascript, but I'm a bit of a novice with JS.
Rich
Re: FrontEndUsers - Session remains open when closing browser
Posted: Fri Oct 12, 2007 6:14 pm
by Pierre M.
Hello,
if a "standard" PHP session is used, you can tune the expiration parameter in the PHP settings.
If it is hardcoded somewhere in FEU, you have to dig into the code.
I don't know which one applies (hope "standard") and I can be wrong.
Pierre M.
Re: FrontEndUsers - Session remains open when closing browser
Posted: Sat Mar 15, 2008 7:09 pm
by jimeu
I am having this issue as well,
so, if the user is already logged in, why not allow to display the loggedin content ?
and instead of displaying the "this user is already loggin in", what would be a code, to signout, and display the login prompts for them to re-login ?
jimeu
CMS 1.2.3
Re: FrontEndUsers - Session remains open when closing browser
Posted: Mon Mar 17, 2008 11:58 am
by Pierre M.
Hello,
jimeu wrote:
and instead of displaying the "this user is already loggin in", what would be a code, to signout, and display the login prompts for them to re-login ?
Why do you think there is no such "feature" on Gmail, Yahoo, eBay...? Wouldn't this open the door to a denial of service attack ?
Pierre M.
Re: [SOLVED] FrontEndUsers - Session remains open when closing browser
Posted: Thu Aug 06, 2009 1:10 am
by szetlan
Actually, this is a BIG problem if you have a user that closes their browser, and then tries to go back to the site. The site thinks they've already logged in because the record exists in the loggedin table, but the interface doesn't have the right session -- so the user attempts to log in, and instead of creating a new session ID the system complains you're already logged in.
This can happen if the user closes their browser, or if they sign in at one location and then move to another one. It also happens if users share their credentials with another person, and you have two people trying to log in from separate areas at roughly the same time.
Is there a way to enable multiple simultaneous logins for a user?
Re: [SOLVED] FrontEndUsers - Session remains open when closing browser
Posted: Thu Aug 06, 2009 1:57 am
by jmcgin51
szetlan wrote:
Is there a way to enable multiple simultaneous logins for a user?
Yes.