[xwiki-users] Automatically logout after certain amount of time
Dear XWiki Users, I've got a question regarding automatic logout after a certain amount of time. In this thread I've learned that I need to change MyPersistentLoginManager.java to enable auto logout: http://lists.xwiki.org/pipermail/users/2011-December/021368.html The problem is that it is located in xwiki-platform-oldcore, so I presume it is deprecated? https://github.com/xwiki/xwiki-platform/blob/master/xwiki-platform-core/xwik... In the current Xwiki HEAD I've found these XML files, but I couldn't find anything related to auto-logout. AFAIK it is not documented yet. https://github.com/xwiki/xwiki-platform/tree/master/xwiki-platform-core/xwik... Any suggestions, what should I do? Changing session-timeout in WEB-INF/web.xml doesn't help. Any help will be appreciated. Regards, Patricia Sz.
On Thu, Jul 12, 2012 at 9:27 AM, Patrycja Suchomska <[email protected]> wrote:
Dear XWiki Users,
I've got a question regarding automatic logout after a certain amount of time. In this thread I've learned that I need to change MyPersistentLoginManager.java to enable auto logout: http://lists.xwiki.org/pipermail/users/2011-December/021368.html
The problem is that it is located in xwiki-platform-oldcore, so I presume it is deprecated? https://github.com/xwiki/xwiki-platform/blob/master/xwiki-platform-core/xwik...
oldcore is (too) slowly transformed into components but it's still used for many things which are not deprecated (meaning that we would love to deprecated them but we need to write the alternative first ;)).
In the current Xwiki HEAD I've found these XML files, but I couldn't find anything related to auto-logout. AFAIK it is not documented yet. https://github.com/xwiki/xwiki-platform/tree/master/xwiki-platform-core/xwik...
Any suggestions, what should I do? Changing session-timeout in WEB-INF/web.xml doesn't help.
Any help will be appreciated.
Regards,
Patricia Sz. _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- Thomas Mortagne
On 07/12/2012 03:27 AM, Patrycja Suchomska wrote:
Dear XWiki Users,
I've got a question regarding automatic logout after a certain amount of time. In this thread I've learned that I need to change MyPersistentLoginManager.java to enable auto logout: http://lists.xwiki.org/pipermail/users/2011-December/021368.html
The problem is that it is located in xwiki-platform-oldcore, so I presume it is deprecated? https://github.com/xwiki/xwiki-platform/blob/master/xwiki-platform-core/xwik...
In the current Xwiki HEAD I've found these XML files, but I couldn't find anything related to auto-logout. AFAIK it is not documented yet. https://github.com/xwiki/xwiki-platform/tree/master/xwiki-platform-core/xwik...
Any suggestions, what should I do? Changing session-timeout in WEB-INF/web.xml doesn't help.
Any help will be appreciated.
The default MyPersistentLoginManager handles two types of logins: - "remember me" logins sets timed cookies valid for a configurable amount of time, see https://github.com/xwiki/xwiki-platform/blob/master/xwiki-platform-core/xwik... - session logins valid until the user closes the current browsing session (this used to mean "browser restart", but at least some browsers have a "restore previous session" behavior that can make it harder to kill a browsing session) Reading from the setMaxAge method, there's a configuration parameter that you can set to change the default session timeout. Specifically, edit WEB-INF/xwiki.cfg and add this line: xwiki.authentication.cookielife=0.02 That says how many days a login is valid, so 0.02 days is almost 30 minutes. Adjust according to your needs. The problem is that those cookies are set only when logging in explicitly, so if a user logs in and then actively browses the site, in 30 minutes he's going to be logged out, and this isn't what people want most of the time. If you dare modify the sources, then what would be needed to have a proper "inactive timeout" auto-logout, is to change com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(SecurityRequestWrapper, HttpServletResponse, XWikiContext) so that it calls this.persistentLoginManager.rememberLogin(request, response, username, password) at the end of the if (this.persistentLoginManager != null) block. To remove the "session login" functionality, you should override login.vm to change the "remember me" checkbox into a hidden input that's always true. See http://platform.xwiki.org/xwiki/bin/view/DevGuide/Skins#HHowtooverrideaSkin for information on skin overrides. -- Sergiu Dumitriu http://purl.org/net/sergiu/
participants (3)
-
Patrycja Suchomska -
Sergiu Dumitriu -
Thomas Mortagne