[sAe]

Hello!

We've been working on a client project were they have to stay logged in for a couple of hours before getting
timed out. However i cannot seem to figure out how to raise the timeout setting in Yii.

What is the proper way of doing it? We're using plain CHttpSession, nothing funny there.

Thanks!

/Martin

[lgoss007]

Well they should be able to stay logged on for a couple hours.. they should only get timed out if they're not using the site (generating requests or posts). It's not good from a security perspective to make it longer.. and bad for performance.. but if you really need to then apache (or whatever web server) and php have their own session timeout variables. By default apache is 15 min for keeping a connection alive (keepalivetimeout). But it would be better to post a message to the user that they are about to be logged out.. and they have to click a "I'm still here" button to be kept alive.

[sAe]

lgoss007, on 17 March 2010 - 02:45 PM, said:

Well they should be able to stay logged on for a couple hours.. they should only get timed out if they're not using the site (generating requests or posts). It's not good from a security perspective to make it longer.. and bad for performance.. but if you really need to then apache (or whatever web server) and php have their own session timeout variables. By default apache is 15 min for keeping a connection alive (keepalivetimeout). But it would be better to post a message to the user that they are about to be logged out.. and they have to click a "I'm still here" button to be kept alive.

Well the security isn't an issue, it's however interesting that you mention performance? The only degradation of performance would
be the fact that the webserver will store more session files and space isn't an issue.
Can you confirm that it's not Yii killing the session or is it a guess from your side?

Thanks,
Martin