Keeping the user logged in upon closing browser and returning to site

Hi,

Is it possible with WebLogin to allow a user to login but keep their session active so that if they closed their browser and came back to the site a few days later it would recognise they were still logged in without having to go through the login process again? Much like a "remember me" checkbox would do.

I’m sure it has something to do with setting a session expiry time or something like that, but am unsure where or how to go about this. Anybody have any idea?

Thanks in advance...

That is totally dependent on the user’s browser configuration. I have mine set to delete all session cookies when closing the browser, except for a few "exceptions" (such as these forums). So even if I do click a "remember me" checkbox, unless I add that domain to the exceptions list, when I close the browser the cookie is gone.

Hi Susan,

Thanks for this, I shall investigate this and maybe find a method that will allow users to specify an exception if they want to retain their cookie for next time?

Many thanks,
Dave

OK, I’ve done a bit more investigation into the problem and it seems that the cookie is stored on the browser (even if the browser is closed) until the user goes back into the site - at which point the cookie gets deleted (unset) and the user is asked to login again. For these tests I had set the browser not to delete cookies upon exiting the browser.

ie.

• Site accessed for first time by user, user logs in (cookie written to browser set to expire in 7 days)
• User remains logged in but closes browser (cookie still exists in browser)
• User returns to site within 30 mins and they are still logged in (cookie updated in browser)
• User remains logged in but closes browser again.
• Browser opened more than 30 mins later (cookie still exists in browser)
• Site then accessed after 30 mins, user appears to have been logged out (cookie has been deleted in browser)

Therefore, if more than 30 mins have elapsed since the user was logged in, weblogin is automatically deleting the cookie that exists before (or instead of) checking for it’s existence? Has anybody come across this before or can you point me in the direction of which lines of code to adjust to check for the cookie when first accessing the site?

Cheers, Dave

It’s not MODx or WebLogin doing this. The cookie only holds the SESSION filename. But on the server, PHP will remove session files after 20-30 minutes of inactivity (each "hit" updates the timestamp in the SESSION file). So when you go in after 30 minutes of inactivity, the SESSION file hasn’t been updated and is probably gone, so the cookie is no longer relevant and gets deleted. This is all handled automatically by PHP, MODx has nothing at all to do with it.

Susan, thanks for your help so far and for clearing up the confusion. I’ve never had to know anything about cookies and I’m still learning PHP, so I have no idea where to find the SESSION stuff or anything else. Can you or anyone else provide just a few pointers to get me started please?

This is really urgent and I am really stuck, so any help is very much appreciated.

Take a look at manager/media/script/session.js

It is included in the main Manager frame (manger/frames/1.php), and then manager/frames/menu.php has this at the bottom


Basically what it’s doing is requesting a 1x1 transparent image to be loaded in the top menu frame every few minutes. If you notice your browser status bar, you’ll see the activity. Every request from your browser updates the session file.

More on sessions here http://www.php.net/manual/en/book.session.php

You may especially be interested in this part http://www.php.net/manual/en/function.session-save-path.php

Or this http://www.php.net/manual/en/function.session-set-save-handler.php

Thanks Susan for your prompt reply. I’ll get reading. The concept I understand - just the implementation is the challenge (as always, i guess).

I tried the session_save_path bit myself once, attempting to maintain session values for user language choice. It worked, but it was a real pain in the neck. I ended up setting a custom cookie to store the language choice, and used a snippet to return the cookie value as the parameter for various other snippets, such as Wayfinder.

I seem to have fixed the problem, but I’m not sure if it will be detrimental to the site as a whole.

I copied, changed the name and edited the manager/includes/session_keepalive.php file into my weblogin directory, then added the StartCMSSession() call to weblogin.processor.inc.php and nicked a the start CMS session stuff from manager/includes/config.inc.php

I’m still logged in this morning, so that part of it works, but is my lazy approach likely to cause any problems?

And also, do I need to re-activate this line for security stuff that I commented out? And if so, can I leave it as is or do I need to copy that to the weblogind directory and make changes?



Sorry for so many questions. I’m still amazed it worked after just one error message (typo).