Project

General

Profile

Feature #3996

Permit setting the PHP session expiry time

Added by Yannick Warnier over 7 years ago. Updated about 3 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
21/10/2011
Due date:
% Done:

0%

Estimated time:
1.50 h
Complexity:
Normal
SCRUM pts - complexity:
8

Description

More and more people (I guess that's just because we are more and more people) are reporting frustration about the PHP sessions expiry.
In fact, we don't really manage them, server-side: the code in main/inc/lib/main_api.lib.php::api_session_start() only checks data from the session itself, so if anything happen to the session file or to the cookie, or for some reason the time is considered to have expired, the user looses his session.

To avoid this, we could just use the last activity time from the track_e_online table, which normally only contains one entry per user (and is always updated when the user loads a new page). When the user connects the next time, we check the value of the current time (time()) - $_configuration['session_lifetime'] (the maximum session time). It it is higher than track_e_login.login_date where login_user_id = api_get_user_id(), then we expire the session straight away, otherwise we re-use the session data. If there is no session data, we have to expire the user's session.

It is important to always give the maximum time to the user's session the first time then, so the session_lifetime setting will never be ignored because the cookie expires first.

Finally, the $_configuration['session_lifetime'] shouldn't be in the configuration file. It should be a database setting, changeable by URL, so that it can be changed by the admin of any portal.

This should be much easier to test than the current configuration, because we will finally be able to control the expiration, independently of the server's configuration.


Related issues

Related to Chamilo LMS - Bug #4084: Time spent in course 1500 hours and more Bug resolved30/11/2011

Actions
Related to Chamilo LMS - Feature #5054: Session cookie name prevents multiple login to 2 installations of chamiloNew25/06/2012

Actions

History

#1

Updated by Yannick Warnier almost 7 years ago

  • Target version changed from 1.9 Stable to 1.9 Beta
#2

Updated by Yannick Warnier almost 7 years ago

  • Target version changed from 1.9 Beta to 1.9 RC1
#3

Updated by Yannick Warnier over 6 years ago

  • Priority changed from High to Normal
  • Target version changed from 1.9 RC1 to 1.9.2

Postponing again

#4

Updated by Yannick Warnier over 6 years ago

  • Target version changed from 1.9.2 to 1.9.4
#5

Updated by Julio Montoya over 6 years ago

  • Target version changed from 1.9.4 to 2.0

Moving to 1.10 if you don't mind, requires a DB change and some tuning in the local/global files

#6

Updated by Yannick Warnier about 3 years ago

  • Target version changed from 2.0 to 3.0

Also available in: Atom PDF