andi
The PHP session timeout would take care of that if you'd disable the "remember me" feature. I think theres a description somewhere here or in the wiki on how to at least hide the checkbox - search for it.
senti
I would need to somehow make sure that people, who are not 'active' for 10 minutes, get their session expired, so they need to log in again.
I know that auth_security_timeout is not going to help with this, so I won't ask about it ;)
I've tried changing PHP session variables (can't remember which ones, but I think I've tried all of them), thinking that maybe I could control session timeout that way. However, that didn't work either.
Is there a way to make sure user session ends after X minutes of inactivity?
Thanks.
senti
Hmm, I have "Remember me" disabled.
I'll see to try it again tomorrow, I guess.
Thanks :)
senti
Nope, doesn't work.
Just tried setting this:
php_value session.cookie_lifetime 60
php_value session.gc_maxlifetime 60
But even after 10 minutes of inactivity I was able to browse Wiki.
chi
Did you delete your old cookies?
andi
I think I was wrong. Even without remember me, the cookie stays valid for the browser session and will reestablish the login even when the session times out. You're out of luck then I think