Login Timeout

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.
This thread is closed to new posts. You must sign in to post in the forums.
5/21/2008 1:26:00 AM
sherwinchu
Gravatar
Total Posts 18
View Posts

Login Timeout

Hi Joe,

Is there a time-out functionality for logged-in users?  Say after 30 minutes to an hour of inactivity, the portal logs them out?

Thanks,

Sherwin

5/21/2008 8:06:32 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Login Timeout

If the user does not choose "Remember Me", I think the login token expires according to the Forms Authentication timeout setting. If they choose remember me the login cookie is persistent across sessions.

Hope it helps,

Joe

5/22/2008 5:47:56 AM
sherwinchu
Gravatar
Total Posts 18
View Posts

Re: Login Timeout

Thanks!  That worked.

For the benefit of other users, I also did some client-side timeout functionality by inserting the following Javascript code in the master page or layout.Master file:

<%
   if (SiteUtils.GetCurrentSiteUser() != null) {
%>
      <script type="text/javascript">
          var timeout = <%= Session.Timeout * 60000 %>;
          var logoff = "<%= ResolveUrl("~/Logoff.aspx") %>";
          window.setTimeout('window.location=logoff ', timeout);
      </script>
<%
}
%>

Session.Timeout is in minutes, so it has to be converted into milliseconds (Javascript timeout is in milliseconds).  The above code snippet will only insert the Javascript code onto the page if a user is authenticated.  The Javascript redirects the browser to the logoff page after a period of inactivity as set by the timeout value.

This method is not really sexy, but works.

Sherwin

5/22/2008 1:04:46 PM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Login Timeout

Hi Sherwin,

That seems like a solution that could have unwanted side effects. Since the timer is only reset by reloading the page, what happens if someone is editing an article for a very long time? The contents of the editor are updating but thats in a frame and is not reloading the outer page. If the user doesn't save his work frequently he could lose it as soon as you log him out.

On another note, yesterday I implemented an option if you want to remove the Remember Me from the login page, you can set AllowPersistentLoginCookie to false in Web.config

Best,

Joe

5/22/2008 10:34:49 PM
sherwinchu
Gravatar
Total Posts 18
View Posts

Re: Login Timeout

Hi Joe,

Yes, you are right.  Thanks for warning about the side-effects.  That way, developers will be fully informed when deciding to use this or not.

Cheers,

Sherwin

You must sign in to post in the forums. This thread is closed to new posts.