Sessions don't expire! 11 Years, 9 Months ago
|
Karma: 0
|
Hi,
For some reason since installing multisite the sessions don't expire... ever! I've logged into the site in the evening, then closed it and on revisiting the site the next day I was still logged in.
Even when I go into phpmyadmin and delete all entries in the sessions table it doesn't log me out but just recreates the session when I refresh the site.
This is a security issue as I use it on an ecommerce website and customers have their bank details stored.
Any ideas what could be causing this?
Thanks
|
|
|
|
|
Re: Sessions don't expire! 11 Years, 9 Months ago
|
Karma: 54
|
No idea like that.
Can you provide more info on the Joomla version and also the extension installed ?
Do you share the users between websites ?
Do you use the plugin "SSI for domains" ?
Joomla has some feature to keep alive some pages.
Perhaps that you have a module or something that make the page "keeep alive"
|
|
|
|
|
Re: Sessions don't expire! 11 Years, 9 Months ago
|
Karma: 0
|
Hi,
Sorry my bad. I'm not using SSI, user-sharing is enabled and I'm using the following versions:
Joomla 1.5.26
Joomla Multi Sites: 1.2.97
Patches definition: 1.2.91
I don't think its keep-alive as I can shut down my computer, revisit the next day and I'm still logged in.
I thought maybe its the cookies not expiring but on checking which cookies are set for the domain I saw they only have a lifetime of 15min (which is what I want) but get recreated upon visiting the site, even if they've run out and the sessions table has been cleared from within PHPMyAdmin.
It's a mystery to me...
|
|
|
|
|
Re: Sessions don't expire! 11 Years, 9 Months ago
|
Karma: 54
|
Sorry but I don't know the reason.
You seems to be a technical guy and as you have checked the cookies with 15mn, the only reason that I see is the "keep alive" mechanism that consists to post request all the times on your server to keep it alive.
Check if you don't have a javascript or similar that call your server and that would keep the connection alive.
|
|
|
|
|
Re:Sessions don't expire! 11 Years, 8 Months ago
|
Karma: 0
|
hello abemedia, i have the same problem, even if i didnt install multisite... did you manage to find a solution please??
|
|
|
|
|
Re:Sessions don't expire! 11 Years, 8 Months ago
|
Karma: 54
|
Can you precise the joomla version number.
Do you have that with Joomla 1.5 or 2.5 or 3.0 or 3.1 ?
If I understand correctly, this is a joomla issue as it also occurs whej Jms Multi Sites is not installed.
The only case that I know that you can stay alive is in the article (but other places).
When you edit an article joomla perform a "keep alive" processing to maintain the session open while the screen is displayed.
Such mechanism "keep alive" can also be used by other extensions (component, module, plugins, ...) so perhaps you have a specific extension that make that alive.
Can you reproduce this behavior on a fresh joomla installation (without any extensions installed) ?
If not, can you try to install extension (one by one) to try identifying which extension might cause this "keep alive"
JMS does not use (or call) the joomla "keep alive".
Another possiblity would be a "session timeout" that is very large.
By default the joomla configuration use "15 minutes".
|
|
|
Last Edit: 2013/04/06 13:30 By edwin2win.
|
|
|