incubator-zeta-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jérôme Renard (JIRA) <>
Subject [jira] [Commented] (ZETACOMP-81) Session timeout
Date Sat, 14 May 2011 05:19:47 GMT


Jérôme Renard commented on ZETACOMP-81:

Hi Philipp,

Here is what I propose :

we could add an ezcAuthenticationSessionOptions::idleTimeout attribute that would be used
to handle user inactivity.

This could be used in conjunction with ezcAuthenticationSessionOptions::validity in the following

ezcAuthenticationSessionOptions::validity handles the global timeout for the session, but
if ezcAuthenticationSessionOptions::idleTimeout is isset (and inferior to ezcAuthenticationSessionOptions::validity)
then the system will handle that attribute as well.

As an example here is how you could configure the session : 
validity : 1 hour
idleTimeout : 10 minutes

You would get 
$options = new ezcAuthenticationSessionOptions();
$options->validity = 3600;
$option->idleTimeout = 600;

That way is the user is inactive for more than 10 minutes, his session is removed, if not
his session is removed after 1h anyway.

What do you think ?

> Session timeout
> ---------------
>                 Key: ZETACOMP-81
>                 URL:
>             Project: Zeta Components
>          Issue Type: Bug
>          Components: Authentication
>            Reporter: Philipp Kamps
> Not sure, but looks like the session timeout is strange. I have following code:
> 		$options = new ezcAuthenticationSessionOptions();
> 		$options->validity = 10;
> 		$session = new ezcAuthenticationSession( $options );
> I would expect a session timeout after 10 seconds __OF INACTIVITY__. But it looks like
it's a total lifetime of 10 seconds, even when I'm active ( constantly requesting more pages
that start the session ).

This message is automatically generated by JIRA.
For more information on JIRA, see:

View raw message