c# - Should a session timeout or a form authentication timeout log off the user?


I'm a bit worried why the user should log out.

At this time I set the session timeout for 20 minutes and I thought the user should be logged out after the session is over.

I can add code that will do this in Session_End.

let me know the web. A form in the config came during the certification deadline, currently it is set for 48 hours.

I changed the authentication timeout for 20 minutes and it is working.

So the session time should the user be logged out or should it be done by a form authentication time?

Thank you

Edit:

I am facing this time that sessions are set to 0, which is fine because the session has expired, but I had thought that the user would also be logged out.

Am I right in saying that authentication data is always stored in the cookie and only the cookie will be cleared after certifying that form?

That is why I am facing what behavior is expected. There is a loss of user session but it is still logged in because the authentication information is stored in the cookie.

In that situation, I can set the session timeout as the time of proof. It is believed that the form authentication timeout is refreshed when the user does anything on the website.

Another option is to add code to the Session_End method where I will log out the user.

Edit 2:

Does the authentication periodically refresh from time to time as the session time?

Edit 3:

All the "Sliding Ends An active authentication cookie expires on a request during a single time Reset Session for. " I believe what I am trying to achieve. If session and authentication timeout will be reset at the same time with the authentication timeout then a session timeout will be reset and this should work. Any feedback is welcome...

I think it depends on the nature of your web application. When the session expires, most regular websites (such as Stack Overflow) do not log out a user; however, the user's login status with important security websites (i.e. banks) depends on the session, which usually lasts for only a few minutes.

It is depending on your sounds depending on the user being logged on and if it is completely dependent on session, then you have to ping the server to the session to survive.

As long as the form is not requesting safe / personal information, I will not apply it to a limited time limit. This will not be the first time when I have completed one form in half, gone to bed and finished it in the morning!
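
The two timeouts discussed in this thread are configured in separate web.config elements. The following is an added example, not part of the original posts, that sets both to the 20 minutes mentioned in the question with sliding expiration on the authentication ticket; the `loginUrl` value is a hypothetical placeholder.

```xml
<configuration>
  <system.web>
    <!-- Server-side session state. The timeout is in minutes and restarts
         on each request made in the session. When it lapses, only the
         session data is discarded; the authentication cookie is untouched,
         which is why a user can lose the session and still be logged in. -->
    <sessionState timeout="20" />

    <authentication mode="Forms">
      <!-- Forms authentication ticket, carried in a cookie. The timeout is
           in minutes. With slidingExpiration="true" the ticket is reissued
           only when a request arrives after more than half of the timeout
           has elapsed, so with equal values the ticket expires at the same
           time as the session or somewhat earlier.
           loginUrl is a hypothetical placeholder path. -->
      <forms loginUrl="~/Account/Login"
             timeout="20"
             slidingExpiration="true" />
    </authentication>

    <!-- An authenticated request can still arrive with an empty session,
         for example after an application restart when session state is
         held in-process, so pages that read session values need to handle
         a missing value instead of assuming it is present. -->
  </system.web>
</configuration>
```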

