I installed and tested the current version of remember me. I then did a number of logouts and logins not sure what order but on one subsequent login I got the following information on the Who's Online Block.

There are currently 2 users and 0 guests online.
Online users

* cpergxxx
* cpergxxx

Would this be acceptable. Or do I need to make another setting to my Drupal user system or the remember me module?

Comments

chris pergantis’s picture

The second login "went away" a few hours later. Is it possible to limit the user login to one at a time?

nickl’s picture

Thank you for spotting this.

I will look into it as soon as I have some spare time agian.

chris pergantis’s picture

We removed the remember me module. I will wait for confirmation of the issue before we reinstall.

dbeall’s picture

You might check the config for the whos online block..It has a setting for how long a visit shows as on line after the first instance of a visit...

editing.. it's labeled user activity.. how long after last page view that it shows still on..
admin/build/block/configure/user/ * your number

nickl’s picture

Status: Active » Closed (works as designed)

How to reproduce:
Do not check remember me - forget the user
Login
Close the browser without logging out - this invalidates the browser session.
User stays on the Who's online block because they didn't log out.
Open browser access site - drupal does not authenticate the previous user hence, they have been forgotten.
Check remember me - keep user session active
Login
2 users with the same name on who's online block
Close the browser without logging out - this invalidates the browser session.
User stays on the Who's online block because they didn't log out. Still 2 users online.
Open browser access site - drupal authenticates the previous session, user logged in automatically, they are remembered.
Log out
Only one user remains - the first invalid session which cannot be accessed.

As per dbeall's comments you can configure how long users stay on the list since their last page activity by configuring the who's online block.

User activity: defaults to 45 mins
A user is considered online for this long after they have last viewed a page.

Changing this setting removes the user when time elapses.

This will be marked by design since the authentication works as expected and there is no other way than with a time out to eliminate sessions that were not logged out manually.

Thank you for your patience....

nickl’s picture

Title: Not sure if this is a bug.... » Dead sessions visable in who's online

Title change

nickl’s picture

Title: Dead sessions visable in who's online » Dead sessions visible in who's online

Oops

nickl’s picture

Title: Dead sessions visible in who's online » Phantom sessions visible in who's online
Version: 6.x-2.0 » 6.x-2.1
Status: Closed (works as designed) » Fixed

Phantom sessions are the result of abandoned sessions which were not closed via a log out request and the browser destroyed their session cookie identifiers. These sessions remain active and appear as online user's in the Who's online list block until they expire past the user activity period, default 15 minutes. If a user's session cookie has expired, ie. they chose to be forgotten and they return before their phantom session expire off the list it is possible for duplicate users to appear on the list since there is no way to restore the phantom session because the session cookie was destroyed.
The module can manage phantom sessions if enabled, default is disabled and will update the last activity timestamp of phantom sessions to expire past the user activity period, for the currently logged on user during hook_user() $op = login. This will cause the phantom session to disappear from the Who's online list and prevent duplicate users listed.
Notes:
When user returns to site within user activity period they will see phantom session in online list, whilst they are prompted for authentication credentials. The phantom session was forgotten.
Phantom sessions are not removed only the last activity timestamp is updated which will make them older, it is not in the scope of this module to do session garbage collection.
The same user is permitted to log in from multiple browsers, locations, devices. These sessions are not phantom, on initial hook_user $op=login the duplicate user will be moved off the list but because their timestamp will be updated during activity it is still possible to find duplicate users on the Who's online list of active users.

For convenience a link to the Who's online block settings form is included to tweak the user activity period and in so decrease the possibility of trapping a phantom session before users returns.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

nickl’s picture

Title: Phantom sessions visible in who's online » Remove Phantom sessions visible in who's online fixed in core
Assigned: Unassigned » nickl
Status: Closed (fixed) » Active

This issue was fixed in #107051: Same user listed multiple times in who's online block
Remove phantom session management

nickl’s picture

Version: 6.x-2.1 » 6.x-2.x-dev
Status: Active » Fixed

Completed in dev branches and 7.x-1.0-rc1 release

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.