But in 99% of forums the user is still logged in after closing and
reopening the browser. For example here: http://www.dbforums.com/ So this
solution is normal and very popular.
I think I have found a solution:
user:
  class: myUser
  param:
    timeout: 2592000
storage:
  class: sfSessionStorage
  param:
    session_cookie_lifetime: 2592000
timeout and session_cookie_lifetime must be exactly the same because
Symfony takes the minimum of timeout and session_cookie_lifetime.
On 22 Jun, 12:09, Gareth McCumskey <[email protected]> wrote:
> Here's an example scenario. Your user goes to an Internet cafe. He logs into
> your web application and does what he wants to do then closes the browser
> (without logging out first) then walks out the door. If the session was not
> killed on browser exit then the next person that comes along and opens the
> browser and views the history or if the browser was set up to keep tabs open,
> they can then access your user's account.
>
> Work with the assumption that the browser exit will always kill the session.
> It is by far a better security arrangement.
>
> On Mon, Jun 22, 2009 at 11:45 AM, Sid Bachtiar <[email protected]> wrote:
>
> > Hi,
>
> > That's just how browsers are usually set up, to kill the session when closed.
>
> > The timeout is for if the user has the browser window open, but inactive
> > (e.g.: not making any request to server) for x amount of time.
>
> > You need to think about the security aspect when setting the timeout.
> > The longer the timeout, the more chance of your user forgetting to log out
> > and someone else using their account.
>
> > On Mon, Jun 22, 2009 at 8:59 PM, dziobacz <[email protected]> wrote:
>
> > > User should be logged in for 30 days = 2592000 seconds. In factories.yml I
> > > have:
> > > all:
> > >   user:
> > >     class: myUser
> > >     param:
> > >       timeout: 2592000
>
> > > But after closing the browser the user is logged out and must log in again.
> > > Why? What should I do?
>
> > --
> > Blue Horn Ltd - System Development
> > http://bluehorn.co.nz
>
> --
> Gareth McCumskey http://garethmccumskey.blogspot.com
> twitter: @garethmcc
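
A simplified model of the behaviour discussed in this thread, added as an illustration (it is not Symfony code and not from any of the posters). It assumes a cookie lifetime of 0 (PHP's default for session.cookie_lifetime) means a cookie dropped on browser close, and that both clocks start at login with no requests in between; the names Config, still_logged_in, effective_lifetime and scenarios are hypothetical.

```python
# Simplified model (assumption, not Symfony internals): a login survives only
# while the browser still holds the session cookie AND the server-side
# timeout has not yet passed.
from dataclasses import dataclass

THIRTY_DAYS = 2592000  # value used in the thread's factories.yml


@dataclass
class Config:
    timeout: int                  # server-side limit in seconds (user: param: timeout)
    session_cookie_lifetime: int  # 0 = session cookie, dropped when the browser closes


def still_logged_in(cfg: Config, elapsed: int, browser_restarted: bool) -> bool:
    """True if a request made `elapsed` seconds after login is still authenticated."""
    if cfg.session_cookie_lifetime == 0:
        cookie_present = not browser_restarted
    else:
        cookie_present = elapsed < cfg.session_cookie_lifetime
    server_session_valid = elapsed < cfg.timeout
    return cookie_present and server_session_valid


def effective_lifetime(cfg: Config, browser_restarted: bool) -> int:
    """Seconds after login at which the user is logged out."""
    if cfg.session_cookie_lifetime == 0:
        return 0 if browser_restarted else cfg.timeout
    return min(cfg.timeout, cfg.session_cookie_lifetime)


def scenarios() -> dict:
    original = Config(timeout=THIRTY_DAYS, session_cookie_lifetime=0)
    matched = Config(timeout=THIRTY_DAYS, session_cookie_lifetime=THIRTY_DAYS)
    mismatched = Config(timeout=1800, session_cookie_lifetime=THIRTY_DAYS)
    return {
        # Original question: long timeout, but the cookie dies with the browser.
        "original_after_restart": still_logged_in(original, 60, True),
        # Matched values: login survives a restart a day later. On a shared
        # machine the next person to open the browser gets the same result.
        "matched_after_restart": still_logged_in(matched, 86400, True),
        # Long cookie, short timeout: the shorter limit wins.
        "mismatched_after_hour": still_logged_in(mismatched, 3600, True),
        "mismatched_lifetime": effective_lifetime(mismatched, True),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```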
You received this message because you are subscribed to the Google Groups
"symfony users" group.