Home » Community » Developer Space » Community Server 2008

Forums

Open Support Ticket

Call Support:
Direct: (214) 420-1337
Toll Free: (877) 522-6334

Monday through Friday
8 a.m. to 6 p.m. Central (GMT-6)

Join our Community
Details
  • 5 Replies
  • 1 Subscriber
  • Postedover 3 years ago
Options

user session timeout issue after logging in and redirecting to another website

This question has suggested answer(s)
mugsey
Posted by
on Thu, May 28 2009 3:11 AM

We have testers using our CS installation and have raised the following issue:

 

Logged into CS and then redirected website from by entering the url in the address bar, then left it for about an hour. I then typed in the CS url was then able to get back , and went straight back to the users profile page - login details were not requested.

How can I ensure that the user is prompted for a login after say 15 minutes

 

 
All Replies
  • Alex Crome
    Posted by
    on Thu, May 28 2009 5:22 AM
    Suggested Answer

    When the users logged in, did they tickt he Remember Me checkbox?  If they did that's why the cookie will be remembered (by default when ticking hte Remember Me checkbox it's remembered for 30 days.

    @afscrome | Linked In
  • mugsey
    Posted by
    on Thu, May 28 2009 5:32 AM

    HI Alex

    No I have removed the remember me checkbox from the login page.  I assume it should be a membership account setting?  I did test this though and after more than 30 mins you can still get back into cs without logging in
  • Alex Crome
    Posted by
    on Thu, May 28 2009 5:39 AM

    The auto login checkbox actually determines whether the cookie is maintained across browser sessions.  If your users exit their browser and reopen it, they should need to log in again.

    @afscrome | Linked In
  • mugsey
    Posted by
    on Thu, May 28 2009 5:52 AM

    Yes thanks - however it was part of a penetration test so they kept the browser open as part of the test.

    So what configuration do I need to do to ensure that the session expires after say 15 minutes - without closing the browser down?
  • Veereswaran
    Posted by
    on Mon, May 3 2010 10:00 AM

    Hi Alex,

    What configuration changes do we need to do to expire the session after 15mins? Please help us

    Thanks

    Veer