SSL Labs ScoreSecurityHeaders.io Score

Log in to participate

There is no cost to join RicheyWeb, and membership is a requirement to submit bug reports and participate in the support forums.

× Extension Discussions

Session Keeper - forced logout

More
1 week 20 hours ago - 1 week 19 hours ago #2618 by Qurius
Qurius created the topic: Session Keeper - forced logout
Hello -
First - thank you for the great plugin it's been really helpful as an admin. I just have a quick question about Session Keeper... if the session warning is enabled with Bootstrap modal window and the session expires (for those that are not in the keep alive group) it pops up with the "session timed out" message. I'm finding that if the user doesn't close that window or click on the page they're staying logged in. Most just close their browser so I get problems when they come back with two logins.
I really like the logout warning so wondering if there is a way to have it force a logout (other than switching to Javascript) after the "Session Timed Out" message appears (maybe on a timer).

Thanks for your help
Last Edit: 1 week 19 hours ago by Qurius.

Please Log in or Create an account to join the conversation.

More
5 days 12 hours ago #2630 by michael
michael replied the topic: Session Keeper - forced logout
The only reason you'd be still logged in is if you have a keepalive active on the page. If your page has a login module - there is a keepalive script running.

Please Log in or Create an account to join the conversation.

More
5 days 9 hours ago - 5 days 8 hours ago #2631 by Qurius
Qurius replied the topic: Session Keeper - forced logout
I don't use a login module any where on the site but just use the login form off a menu item instead ( users->login form) which I assume also uses the keep alive script?

Thanks
Last Edit: 5 days 8 hours ago by Qurius.

Please Log in or Create an account to join the conversation.

More
5 days 8 hours ago #2632 by michael
michael replied the topic: Session Keeper - forced logout
There are no stupid questions. I write extensions for Joomla and there are parts of the CMS that I don't understand yet.

The login module is just one thing that uses keepalive. Any AJAX request will keep the session alive, so if you have a plugin or module that's making regular AJAX requests - those requests will keep the session active and prevent timeout. My plugin looks for the built-in keepalive method, but there are many ways to keep the session alive.

If you're familiar with developer tools in your browser, you could load up a page and watch the network tab to see what's communicating. When you know what's being communicated, you'll have the first step in determining if it's something that can be changed.

Please Log in or Create an account to join the conversation.

More
5 days 8 hours ago #2633 by Qurius
Qurius replied the topic: Session Keeper - forced logout
Appreciate that...one last question about the plugin just so I have a reference for how it should work. Assuming there's no keep-alive running...at the point that the session keeper modal popup times out and the "Logged out" message displays, if there is no keep alive running then the session should be terminated without the user clicking on anything.

Please Log in or Create an account to join the conversation.

More
5 days 7 hours ago #2634 by michael
michael replied the topic: Session Keeper - forced logout
Yes, when the message pops up, the session timer has run out and the user should be logged out - assuming there are no keepalives on the page.

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to add attachements.
  • Not Allowed: to edit your message.
Kunena Forum