Yii Framework Forum: Timeout issues - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Timeout issues Rate Topic: -----

#1 User is offline   sAe 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 51
  • Joined: 18-May 09
  • Location:Sweden, Karlstad

Posted 17 March 2010 - 12:38 PM

Hello!

We've been working on a client project were they have to stay logged in for a couple of hours before getting
timed out. However i cannot seem to figure out how to raise the timeout setting in Yii.

What is the proper way of doing it? We're using plain CHttpSession, nothing funny there.

Thanks!

/Martin
0

#2 User is offline   lgoss007 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 88
  • Joined: 01-October 09

Posted 17 March 2010 - 02:45 PM

Well they should be able to stay logged on for a couple hours.. they should only get timed out if they're not using the site (generating requests or posts). It's not good from a security perspective to make it longer.. and bad for performance.. but if you really need to then apache (or whatever web server) and php have their own session timeout variables. By default apache is 15 min for keeping a connection alive (keepalivetimeout). But it would be better to post a message to the user that they are about to be logged out.. and they have to click a "I'm still here" button to be kept alive.
0

#3 User is offline   sAe 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 51
  • Joined: 18-May 09
  • Location:Sweden, Karlstad

Posted 17 March 2010 - 07:42 PM

View Postlgoss007, on 17 March 2010 - 02:45 PM, said:

Well they should be able to stay logged on for a couple hours.. they should only get timed out if they're not using the site (generating requests or posts). It's not good from a security perspective to make it longer.. and bad for performance.. but if you really need to then apache (or whatever web server) and php have their own session timeout variables. By default apache is 15 min for keeping a connection alive (keepalivetimeout). But it would be better to post a message to the user that they are about to be logged out.. and they have to click a "I'm still here" button to be kept alive.


Well the security isn't an issue, it's however interesting that you mention performance? The only degradation of performance would
be the fact that the webserver will store more session files and space isn't an issue.
Can you confirm that it's not Yii killing the session or is it a guess from your side?

Thanks,
Martin
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users