Session Timeout

gwinton · March 11, 2012, 2:45am

Is there a way to shorten the sessions? 30 days is to long for me. I would like it to be 1 hour.

tonyclewis · March 11, 2012, 3:08am

What session are you talking about. You have given us no information to assist you.

gwinton · March 11, 2012, 4:13am

When you logon to the admin page a session is started in /var/lib/php/session. If you close the explorer page and not log out, the next time you start the explorer page and navigate to the admin page it does not ask you to log back in. It starts up in the menu section. I would like it to have a timeout of around 1 hour then clear the session file so that it will force you to login again.

gwinton · March 11, 2012, 5:22pm

Hey Tony any ideas? Should I create a cron job to delete the sessions after an hour?

SkykingOH · March 11, 2012, 10:54pm

Yeah Tony - 6 hours on a Sunday and you didn’t reply to a feature request…You are really slacking.

tonyclewis · March 12, 2012, 2:37am

Sorry I took a rare day off. No I am not sure. I would google php session timeout options. It is not really a FreePBX thing but a php thing. Google is your best friend. My brain only has so much knowledge in life and google is what I use for 99% of what I need to learn or figure out.

gwinton · March 12, 2012, 2:38pm

I found the lines that set the sessions. It is in /var/html/www/admin/config.php

It starts at line 67

session_set_cookie_params(60 * 60 * 24 * 30);//(re)set session cookie to 30 days
ini_set(‘session.gc_maxlifetime’, 60 * 60 * 24 * 30);//(re)set session to 30 days

I have adjusted these and no effect. I am just a beginner on php. My guess is that it stands for 60 secs * 60 minutes * 24 hours * 30 days = 259200 seconds

Any help would be appreciated.

gwinton · April 5, 2012, 4:17pm

I will post this here as I want to get other opinions. Originally it would save the cookie on the computer and allow you to go back into the admin screen at any time after you logon the first time. The only way was to make sure that you hit the logout button. Not always does the user logout and anyone can come back into the admin screen from that same computer. I modified the script to close the session after the browser is closed forcing the user to logon again.
From the above post at line 67 I changed it to this.

setcookie(“PHPSESSID”, 0);//close cookie after browser is closed
session_set_cookie_params(60);//(re)set session cookie till browser is closed
ini_set(‘session.gc_maxlifetime’, 60);//(re)set session to 1 minute
if (!isset($_SESSION)) {
//start a session if we need one
session_start();

After you replace the script you will need to go to the directory of /var/lib/php/sessions and remove all entries.
If others feel that this is the way it should be, Then I will submit this as a bug fix.

jac3land · November 21, 2013, 11:42pm

Hi All,

Thanks, this help a lot.

Just wanted to us if there is a way to manually kick/end Logged in users with his login session.

Regards,

J