PHPMaker has provided the constant in the configuration (ewcfg*.php) file in order to compare with the value of your users' idle in the website that created with PHPMaker. This constant is called with EW_USER_PROFILE_SESSION_TIMEOUT. If you read the PHPMaker help file from the Security Settings -> Login status timeout (minutes) --- and I believe that this item is related with the constant that we are talking about --- the description for it is as following:
The number of idle minutes after which the login status will be considered as logged out and login will be allowed again.
If a logged-in user does not explicitly log out (for example, close the browser directly), the user session is not closed and the user's login status will remain as "logged in". Attempts to login again will fail. This timeout setting ensures login will be allowed again after a period of idle time.
Unfortunately, PHPMaker does not use this constant in order to make your user auto logout when user does not do any activities in your web application. I believe, there is no such feature until now (just correct me if I am wrong, and show me how to implement it!). So I customized the PHPMaker template files in order to add this "auto logout after idle for the certain time" feature into the websites that created with PHPMaker.
After implementing this customization, then each time the current logged in user does not do any activities in your web application for the certain time that you have defined in that constant above, then that current logged in user will be automatically logged out by the system. He/she will have to login again in order to access your web application. This feature usually we found and used in the Internet Banking Web Application. This is one of the important features for the security purpose.
[hidepost]
-
Open your phpcommon-scripts.php file, and find this code:
<!--##~SYSTEMFUNCTIONS.Security##-->
after that line of code, insert this following code:
// Begin of modification by Masino Sinaga, for Auto Logout after idle for the certain time, September 2, 2011 $LastAccessDateTime = strval(@$UserProfile->Profile[EW_USER_PROFILE_LAST_ACCESSED_DATE_TIME]); if (ew_DateDiff($LastAccessDateTime, ew_StdCurrentDateTime(), "n") > EW_USER_PROFILE_SESSION_TIMEOUT) { header("Location: logout.php"); } // End of modification by Masino Sinaga, for Auto Logout after idle for the certain time, September 2, 2011
- Re-generate all of your files using PHPMaker.
[/hidepost]
Leave a Reply
You must be logged in to post a comment.