Hi All,
I need to make our authenticated Drupal users be automatically logged out when they close their browser. I have installed 4.6.0 and the Front Page module and user's don't get logged out after they close the browser. I believe this is the expected behaviour. I understand for some users this is a useful feature but for us and probably many others, this is a serious security hole (will upgrade 4.6.3 shortly to fix the latest security issue). If we have Drupal users login at an internet cafe and just close their browser and leave then someone else may come along and open the browser at the same URL and access their private data. I haven't tested to see if there is any time limit for this. I can't see anywhere in Drupal where I can easily configure the behaviour we require. Can anyone give some direction on how to achieve this.
Thanks
Murray
Comments
Automatically log out users
Casper Labuschagne
*** Drupal Status : Rank Beginner ***
I also have a case where ( D r u p a l 6 . 3 ) users at a company get disconnected from the Internet at 18h00 and the Internet is restored at 8:00 when they arrive for work (a security measure due to past events of security breaches) and in the morning users simply continue where they left off yesterday.
I would like to force them to log in again after a timeout. The next day person A is away and person B simply carries on posting comment etc as person A albeit unknowingly. This causes interesting, albeit negative, social interactions.
Thanks for any advice
Casper
See lower post, provide an
See lower post, provide an explicit time (in seconds).
The 0 is for browser session only.
A number provided is explicit time. Do note that this period is from first cookie creation, not last.
Also see php.net/session
In sites/default/settings.php
In sites/default/settings.php (or your sites config file if different)
replace
ini_set('session.cookie_lifetime', 2000000);
with
ini_set('session.cookie_lifetime', 0);
That should do it IIRC.
Thanks Travis. That did the
Thanks Travis. That did the trick. Surely for security reasons, that should be the default setting.
Thanks
Murray
Is the problem with Firefox
I've changed the session.cookie_lifetime setting in my settings.php file to 0, but users still remain logged on when they close their browsers if they are using firefox. In IE6 this seems to work fine.
Does anyone know a way around this?
Thanks
Barry
Have you ensured the
Have you ensured the existing cookie has been cleared?
Yes, I did delete the old
Yes, I did delete the old cookie.
May be some catch problems
It works with all the browsers. Try clearing your catch.
Sunny
www.gleez.com
Thanks
Ravi
for Mozzila its not working properly
Ravi
Logout user when browser closed
You should check weather the settings.php file in drupal have the write permission, then only the changes will affect in your code..
After that, change this in settings.php
replace ini_set('session.cookie_lifetime', 2000000);
with ini_set('session.cookie_lifetime', 0);
Try the above it works fine...
Doesnt work in firefox
Has anyone figured this out? It works fine in IE6, but even after I clear the cache in firefox, it stays logged on.
should work with ffox too
I tested with Firefox and it works. Note that this solution doesn't make a "logout" - it just clear browser's session information.
The problem with Firefox is that, if you have more firefox windows opened, when you close your "drupal" window, the firefox process is still active (to manage all the other windows). Firefox (as far as I know) always manage multiple windows with one single process.
When you will close ALL your firefox windows, then the main firefox process closes itself - and you are finally logged out from drupal - not before.
I.E. acts sligthly different. When you click on I.E. icon more times, it opens different processes to manage any different window. So when you close the single window, the related process is also closed - and the session information is "cleared", so you are logged out. Please note that also with I.E. if you open new windows with "file | new" (and not clicking on i.e. icon), it manages more windows within the same process - so you can have the same behaviour of firefox (must close all windows to be "logged out").
Hope this can help you. Feel free to insult me if I said something wrong ;-D
thank you!!!! i have been
thank you!!!!
i have been looking for something like this for awhile!
i have also same problem
HI
I am also facing same problem .If u get the solution please tell me.
In IE i's working but in firefox doesnot working.
Thanks
in advance.
same problem in Drupal 6
Has anyone been able to have users automatically logged out when closing their browsers in Drupal 6? See this post for more info (http://drupal.org/node/258060). The cookie solutions aren't creating this effect when put in settings.php or .htaccess
Here's the cookies part of my settings.php file:
I'm hosting with GoDaddy, using PHP 5.2.5, and MySQL 4.1.22, and Drupal 6.
Sincerely,
Andrew G
Firefox Staying Logged On to Session
I am having the identical problem. However, my session.use_only_cookies is set to '1', thus requiring cookies to conduct a session.
FF: Not werkin'
I tried to set settings.php to
ini_set('session.cookie_lifetime', 0);
but in mac FF3 it does nothing...I confirm setting
I confirm setting session.cookie_lifetime to 0 works for Safari3,IE6,IE7 but does not work on FF3 (Mac). I closed the browser completely (all windows). But reopening FF3 session is maintained.
Anyone have any more information on this FF3 issue.
Michael Hofmockel
iMed Studios
Open Source | Open Access | Open Mind
FF Logout
Did you quit FF or just close the window? The Firefox process is still alive even if you close all the windows on a mac.
I just tested on Opera (Linux) and it didn't work either.
I confirm it doesn't work
I confirm it doesn't work with FF3 and Opera. I think the reason for that is 'session manager' which restores the session along with cookies when tab or whole browser is closed.
Do we have a solution for that yet?
Close <yourSite> tab then FireFox and your session will be des..
For ff3 it work like that. First you need to close drupal TAB (yoursite) window then you can close whole browser (even if you have some other tabs still working e.g. gmail.com, drupal.org it's OK). After relaunching your ff3 and trying to reach your site you should be anonymous user again.
Firefox persistent sessions. Bug or Feature???
Client Request:
Log users out when they close the web browser.
Solution:
Simple, set the cookie lifetime to 0
Not so fast:
FireFox can persist sessions for eternity under some conditions, even when the application is closed and the computer powered down.
Bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=443354
I had a discussion with some FF developers on IRC Chat. Most feel this is a feature. This is reflected in the fact that no one is concerned enough to assign themselves to the bug.
Reading the comments in the Bug list shows an interesting debate with no clear winner.
What do you think? Bug or Feature?
ref: http://www.imedstudios.com/labs/node/19
annoying bug feature pft they
annoying bug
feature pft they dont know the issue or how its come about more like it........
feature :D lol code for i dont know how to fix that.....
FF Logout
One of the "features" in FF3 is "Show my windows and tabs from last time"
I changed this to "Show my home page" this actually logged the session out.
It seems that when it tries to open previous windows/tabs it also retains the session info.
So it "works" in FF if the end user doesn't use "Show my windows and tabs from last time"