Access to PrestaShop corporate website French English Change language
Hello, Guest |
| Register
Remember me Forgot password ?
Site Map Site Map Contact us Contact us
PrestaShop job
 

Team members online:


 
Post Reply
New Topic
[Solved] Authentication: feature request

papai
offline
Posted: 28 August 2008 03:50 AM   [ Ignore ]
Regular
RankRankRank

Messages :

  • total: 29
  • last 7 days: 0
Joined: 2008-03-17

After I login into Back Office, my working session last until I click on logout button. That mean, if I login and close or turn off my computer, my account still verified in cookie and I still use Back office without having ti login again.

I would recommend that we set our session is ended after an amount of time that we don’t use the Back Office of turn off computer. That may make Back Office safer and more security.
 
bramp
offline
Posted: 28 August 2008 12:45 PM   [ Ignore ]   [ # 1 ]
Regular
RankRankRank

Messages :

  • total: 43
  • last 7 days: 0
Joined: 2008-08-15

This is a useful feature, and one I requested for the front office.

You can set the timeout of the cookie to last the lenght of the browser session by doing the following:
Change line 50 of classes\Cookie.php from:

$this->_expire = isset($expire) ? intval($expire) : (time() + 1728000);

to
$this->_expire = isset($expire) ? intval($expire) : 0;

Now this should set the default expire time to zero, which will cause the cookie for the front and back offices to expire when the user closes the browser.

To change it for just the back office is a little harder as you need to modify 1 or 2 lines in about 10 files, or do a nasty hack in Cookie.
 
Madrilene
offline
Posted: 28 September 2008 09:48 PM   [ Ignore ]   [ # 2 ]
Senior Member
RankRankRankRankRank

Messages :

  • total: 127
  • last 7 days: 0
Joined: 2008-04-01

hi bramp
thank you for the line code, it works perfectly
except the fact that if the windows appears (with IE7) in a new “tab” then if you only close the shop tab, and reopen in the same window, the client is still logged (that’s logical because the windows itself has not been closed), but it would be nice if the cookie could dissapear also when only the tab is shut down….
 
bramp
offline
Posted: 28 September 2008 11:18 PM   [ Ignore ]   [ # 3 ]
Regular
RankRankRank

Messages :

  • total: 43
  • last 7 days: 0
Joined: 2008-08-15

Unfortunately we can’t control when the browser deletes the cookie, so you will have to live with IE7 not deleting it until the window is closed. Perhaps try Google Chrome as that ensure each tab is separated from the others.
 
Madrilene
offline
Posted: 29 September 2008 12:54 AM   [ Ignore ]   [ # 4 ]
Senior Member
RankRankRankRankRank

Messages :

  • total: 127
  • last 7 days: 0
Joined: 2008-04-01

Ok thanks
i ‘m happy even with this minor trouble wink
 
vline
offline
Posted: 07 November 2008 12:33 AM   [ Ignore ]   [ # 5 ]
Beginner
Rank

Messages :

  • total: 5
  • last 7 days: 0
Joined: 2008-10-26

How do you set the cookie to logout due to inactivity? So far, you’re describing one of 2 scenarios:

1. [$this->_expire = isset($expire) ? intval($expire) : (time() + 1728000); ] is set to expire in 20 days.

2. [$this->_expire = isset($expire) ? intval($expire) : 0;] is set to expire when you close the browser out which closes the session.

If you set the cookie to expire in say 10 minutes or 600 seconds, it’ll expire whether or not there’s activity. How do you refresh or reset the cookie time to authenticate you within the session if you’re still actively navigating it?
 
 
 
Fast Reply
New Topic
 
‹‹ Importing Products      Maxing File Size in virtual products bigger? ››