In an extranet point of view, It should be nice to have in the default settings, somewhere to set a time limit for an active login session. By now, it seems that a user can stay log in as long as he wants, for an extranet use, where some contents are private and where people could log in from anywhere, it should be nice to end a session after a given time if there is no activity.
The default coult be unlimited, same behavior as now, or the admin could indicate a duration in seconds.
Regards,
eric

Comments

FlemmingLeer’s picture

FlemmingLeer commented

There´s an experimental that I found here via site search via google:

http://lists.drupal.org/archives/development/2006-02/msg00075.html

moshe weitzman’s picture

moshe weitzman commented
Status: Active » Closed (works as designed)

see bottom of settings.php

Jhef.Vicedo’s picture

Jhef.Vicedo commented

Maybe this could help, I have tried this and users' session was automatically terminated after 20mins of inactivity

Add these lines on .htaccess or you could change these on settings.php

php_value session.gc_maxlifetime 1200
php_value session.gc_probability 1
php_value session.gc_divisor 1

value of session.gc_maxlifetime is in seconds, so modifying its value to 60 would timedout the users after 1 min.

cookiesunshinex’s picture

cookiesunshinex commented
Version: x.y.z » 6.20

@Jhef.Vicedo,

Does that actually work to terminate a user session after 20 minutes of inactivity?

What about if they are logged in for 20 minutes and working...does it also terminate their user session in the middle of their work?