How do I increase the admin timeout?

Admin account seems to auto-log-out after about 10 (?) minutes or so. How do I increase this time?

Thanks,
jorge.

Hmmm, Jason? Raymond?

this timeout is set in your host’s php.ini file; if you are on shared hosting there isn’t much you can do about it. You can edit the config.inc.php to have php save its session files in a folder on your server space, and then it won’t be part of the general shared system’s garbage collection. But then you will need to keep an eye on that folder and delete the old session files from time to time, since they will never get removed otherwise.

http://il.php.net/session
http://il.php.net/manual/en/function.session-save-path.php
http://www.php-mag.net/itr/online_artikel/psecom,id,513,nodeid,114.html

If someone could research and contribute a secure and flexible cookie-based authentication scheme to implement with MODx, that would be great. This is simply a limitation of the original authentication code which is completely dependent on the server session settings, and no one has yet addressed. I think this needs to be a high-priority. I will be addressing this in 1.0, but if someone wants to contribute a solution to the 0.9.x line in the meantime, that would be stupendous.

I have a habit of keeping lots of tabs open all the time, including my MODx site / manager, and it did not take long to discover I had to log in again after 20 min or so. Fixed that with @ini_set("session.gc_maxlifetime","3600"); which works fine for me. But rather than making any recomendations myself, take a look here: http://www.captain.at/howto-php-sessions.php
Some really cool science stuff as well.

Cheers

@abbeyroad: This will have no effect on a shared hosting server, since the shared /tmp directory gets cleared out whenever the lowest time set for any user on the system indicates. One person even set his for a few seconds, for testing, and it turned out that was affecting everyone else on the same server.

http://modxcms.com/forums/index.php/topic,3878.0.html

The only way out of that is to not have your session files stored in the shared (usually /tmp) directory. This is also better security-wise, since it makes it harder for intruders to browse session files and hijack any that they find interesting. Even better is to store the session data in the database, which I would like to see an option for in MODx some day.

This is not a fix but rather a strategy for dealing with this limitation. I keep an extra tab open to the manager and after any extensive changes to a page refresh it (the extra tab) before saving in the working tab(s). Yeah it’s still cumbersome but better than losing work over it.

I Really hope this gets fixed soon, honestly I am baffled this script doesn’t have a good cookie (or database) option when it is so advanced in so many other ways. Wish I knew enough about cookies to diy, but I just can’t learn that right now due to my schedule.

---Indie

A simple workaround could be to use some AJAX to send periodical requests to the web server, just to keep the session alive. I guess it shouldn’t be difficult to implement.

As a source of inspiration, consider GMail. While you are editing a message, the client periodically contacts the server to save a copy of the edited message in the draft box, and the user does not notice anything (apart from the "Draft saved at" notice).

For what it’s worth, here is what I ended up putting in my config.inc.php file to work around this problem (based on the above posts):



As mentioned earlier in this thread, it may be that the PHP garbage collector doesn’t cleanup sessions in this directory. So it will fill up your harddrive (especially if you have lots of visitors). Or, maybe I haven’t waited long enough.

It will fill up your hard drive. You’ll have to go in and delete them yourself, or better still make yourself a script you can run from time to time. You will probably want to use this function, http://il2.php.net/manual/en/function.fileatime.php and any file whose last access time is less than the current time minus xxx number of seconds (it’s a Unix timestamp value) gets deleted. Actually, it would be pretty easy to make a module to do that so you could just run it from the Manager.