On 8/10/06, Anthony Chee <[EMAIL PROTECTED]> wrote:
> I would like to ask how the two parameters mentioned co-operate
> together. Do they overlap in functionality?
>
> I tried setting IDLE_FOR to 30m and _SESSION_ETIME to 10m for the
> program. I discovered that I can still access the logged-in page after
> closing the browser, skipping the normal logout procedure, and accessing
> the system again. Is this normal? How should I configure the two parameters
> if I want to ignore the old session when accessing the system again
> after closing the browser?

There is no way for the server to know that you closed your
browser, and then started it up again. To guess that this happened we
usually use 'browser session' cookies which have no fixed expiry set.
That means that the browser is supposed to clear that cookie when the
browser closes, but to keep it forever if the browser stays open.

So when you set an expiry on your CAP::Session, the cookie gets an
expiry time, which means it does not act as a 'browser session'
cookie, so when you close the browser, the cookie gets saved to disk,
and the next time you open your browser, the cookie is loaded back in
(unless the expiry time has passed).

So if you set an expiry on your CAP::Session, closing the browser does nothing.

The IDLE_FOR parameter sets an expiry on one of the parameters in your
CAP::Session. It basically tells it that this parameter is only good
for 10 minutes. But on every request, it resets that timeout, since
the user is not idle and has another 10 minutes to go.

So I guess what you want is to remove any expiry on the CAP::Session
configuration, and just use the expiries in the Authen configuration.

Let me know if that works for you.

Cheers,

Cees
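
The behaviour discussed in this thread, as an added example that is not part of the original message and is not CAP::Session or Authen code: a small Python model of a cookie sent without an expiry (dropped when the browser closes) next to one sent with an expiry, with the idle timeout kept on the server and reset on every request. `Server`, `Browser` and `survives_restart` are hypothetical names, and the timing values are constructed.

```python
import secrets
from http.cookies import SimpleCookie

IDLE_FOR = 30 * 60  # server-side idle limit in seconds (constructed value)

class Server:
    """Hypothetical session store; the idle clock lives on the server."""
    def __init__(self, cookie_max_age=None):
        self.cookie_max_age = cookie_max_age  # None => browser-session cookie
        self.last_seen = {}                   # session id -> time of last request

    def login(self, now):
        sid = secrets.token_urlsafe(32)
        self.last_seen[sid] = now
        c = SimpleCookie()
        c["sid"] = sid
        c["sid"]["httponly"] = True
        c["sid"]["secure"] = True
        if self.cookie_max_age is not None:
            c["sid"]["max-age"] = self.cookie_max_age  # makes the cookie persistent
        return c["sid"].OutputString()        # value of the Set-Cookie header

    def is_logged_in(self, cookie_header, now):
        jar = SimpleCookie(cookie_header or "")
        sid = jar["sid"].value if "sid" in jar else None
        seen = self.last_seen.get(sid)
        if seen is None or now - seen > IDLE_FOR:
            self.last_seen.pop(sid, None)     # expire server-side, whatever the cookie says
            return False
        self.last_seen[sid] = now             # each request resets the idle timeout
        return True

class Browser:
    """Minimal cookie jar: cookies without Max-Age/Expires are dropped on close."""
    def __init__(self):
        self.cookie = None                    # (value, persistent) or None
    def store(self, set_cookie):
        m = SimpleCookie(set_cookie)["sid"]
        self.cookie = (m.value, bool(m["max-age"] or m["expires"]))
    def restart(self):
        if self.cookie and not self.cookie[1]:
            self.cookie = None
    def header(self):
        return f"sid={self.cookie[0]}" if self.cookie else ""

def survives_restart(cookie_max_age):
    """Log in, close and reopen the browser, then request a protected page."""
    server, browser = Server(cookie_max_age), Browser()
    browser.store(server.login(now=0))
    browser.restart()
    return server.is_logged_in(browser.header(), now=60)
```

`survives_restart(600)` returns True because the cookie carries an expiry and is reloaded after the restart, while `survives_restart(None)` returns False and the session is still bounded by the server-side idle check.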
