What happens when you make every page "secure" (in view.yml)? Does it work as expected then?
2009/6/22 Sid Bachtiar <[email protected]>

> But did you check the settings?? Most browsers would kill the session,
> because it is a privacy issue.
>
> On Mon, Jun 22, 2009 at 11:09 PM, dziobacz <[email protected]> wrote:
> >
> > Remember me doesn't work in Firefox, IE8, Opera and Chrome.
> >
> > On 22 Jun, 12:50, Sid Bachtiar <[email protected]> wrote:
> >> If you are using Firefox then check the Firefox settings. Make sure
> >> session is not made expired on closing the browser.
> >>
> >> On Mon, Jun 22, 2009 at 10:45 PM, dziobacz <[email protected]> wrote:
> >>
> >> > But checked 'remember me' checkbox doesn't work.
> >> >
> >> > On 22 Jun, 12:30, Sid Bachtiar <[email protected]> wrote:
> >> >> But I think there is a 'remember me' checkbox option that warns them about it.
> >> >>
> >> >> It is a dangerous arrangement, so you need to be very careful here.
> >> >>
> >> >> On Mon, Jun 22, 2009 at 10:25 PM, dziobacz <[email protected]> wrote:
> >> >>
> >> >> > But in 99% of forums the user is still logged on after closing and
> >> >> > reopening the browser. For example here: http://www.dbforums.com/
> >> >> > So this solution is normal and very popular.
> >> >> >
> >> >> > I think I have found a solution:
> >> >> >
> >> >> >   user:
> >> >> >     class: myUser
> >> >> >     param:
> >> >> >       timeout: 2592000
> >> >> >
> >> >> >   storage:
> >> >> >     class: sfSessionStorage
> >> >> >     param:
> >> >> >       session_cookie_lifetime: 2592000
> >> >> >
> >> >> > timeout and session_cookie_lifetime must be exactly the same because
> >> >> > Symfony takes the minimum of timeout and session_cookie_lifetime.
> >> >> >
> >> >> > On 22 Jun, 12:09, Gareth McCumskey <[email protected]> wrote:
> >> >> >> Here's an example scenario. Your user goes to an Internet cafe. He logs into
> >> >> >> your web application and does what he wants to do, then closes the browser
> >> >> >> (without logging out first), then walks out the door. If the session was not
> >> >> >> killed on browser exit, then the next person that comes along and opens the
> >> >> >> browser and views the history, or if the browser was set up to keep tabs open,
> >> >> >> can then access your user's account.
> >> >> >>
> >> >> >> Work with the assumption that the browser exit will always kill the session.
> >> >> >> It is by far a better security arrangement.
> >> >> >>
> >> >> >> On Mon, Jun 22, 2009 at 11:45 AM, Sid Bachtiar <[email protected]> wrote:
> >> >> >>
> >> >> >> > Hi,
> >> >> >> >
> >> >> >> > That's just how browsers are usually set up, to kill the session when
> >> >> >> > closed.
> >> >> >> >
> >> >> >> > The timeout is for if the user has the browser window open, but inactive
> >> >> >> > (e.g.: not making any request to the server) for x amount of time.
> >> >> >> >
> >> >> >> > You need to think about the security aspect when setting the timeout.
> >> >> >> > The longer the timeout, the more chance of your user forgetting to log out
> >> >> >> > and someone else using their account.
> >> >> >> >
> >> >> >> > On Mon, Jun 22, 2009 at 8:59 PM, dziobacz <[email protected]> wrote:
> >> >> >> >
> >> >> >> > > User should be logged in for 30 days = 2592000 seconds. In factories.yml I
> >> >> >> > > have:
> >> >> >> > >
> >> >> >> > >   all:
> >> >> >> > >     user:
> >> >> >> > >       class: myUser
> >> >> >> > >       param:
> >> >> >> > >         timeout: 2592000
> >> >> >> > >
> >> >> >> > > But after closing the browser the user is logged out and he must log in
> >> >> >> > > again, why? What should I do?
> >> >> >> >
> >> >> >> > --
> >> >> >> > Blue Horn Ltd - System Development
> >> >> >> > http://bluehorn.co.nz
> >> >> >>
> >> >> >> --
> >> >> >> Gareth McCumskey
> >> >> >> http://garethmccumskey.blogspot.com
> >> >> >> twitter: @garethmcc
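
An added example, not part of the original thread: a small audit of a session `Set-Cookie` header that reports how long a login really persists for a given server-side `timeout` (the shorter of the two limits, as discussed above) and whether the cookie carries the flags a 30-day session needs. The cookie name `symfony`, the sample headers, the finding codes and the one-day threshold are constructed assumptions.

```python
from http.cookies import SimpleCookie

# Assumed policy threshold for "long-lived"; not a value from the thread.
MAX_PERSISTENT_SECONDS = 24 * 3600


def audit_session_cookie(set_cookie_header, server_timeout, name="symfony"):
    """Return (effective_lifetime_seconds, findings) for one Set-Cookie value.

    effective_lifetime_seconds is None when the cookie has no Max-Age,
    i.e. the browser drops it on exit regardless of the server timeout.
    """
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    if name not in jar:
        raise ValueError("session cookie %r not found" % name)
    morsel = jar[name]
    findings = []

    max_age = morsel["max-age"]
    if max_age == "":
        # Lifetime 0 / unset: a browser-session cookie. The server-side
        # timeout then only limits idle time while the browser stays open.
        effective = None
        findings.append("session-only")
    else:
        # Both limits apply, so the login lasts only as long as the shorter.
        effective = min(int(max_age), server_timeout)
        if effective > MAX_PERSISTENT_SECONDS:
            findings.append("long-lived")

    # A cookie that survives for weeks is worth more to whoever obtains it.
    if not morsel["httponly"]:
        findings.append("no-httponly")
    if not morsel["secure"]:
        findings.append("no-secure")
    return effective, findings


# Constructed sample headers (session id is a placeholder).
DEFAULT_COOKIE = "symfony=abc123; path=/"
THIRTY_DAY_COOKIE = "symfony=abc123; Max-Age=2592000; path=/"
HARDENED_COOKIE = "symfony=abc123; Max-Age=2592000; path=/; Secure; HttpOnly"

if __name__ == "__main__":
    for header, timeout in [(DEFAULT_COOKIE, 2592000),
                            (THIRTY_DAY_COOKIE, 2592000),
                            (HARDENED_COOKIE, 1800)]:
        print(header, "->", audit_session_cookie(header, timeout))
```

The first sample matches the original question (long `timeout`, default cookie): the login still ends at browser close. The second matches the 30-day configuration posted later and is flagged as long-lived without `Secure` or `HttpOnly`.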
