Ok, we been there, on a forum and have a set amount of log in time, only to find out when you go to post your log in cookie expired and now you have to log back in.
What this hack does is checks if the log in is about to expire and gives the user some more time.
In Load.php
Find
// This is a logged in user, so definitely not a spider.
$user_info['possibly_robot'] = false;
Add After
// Keep the cookie fresh if it is getting stale, add 10 minutes.
if (isset($_SESSION['login_' . $cookiename])) {
$data = unserialize($_SESSION['login_' . $cookiename]);
if (($data[2]-time()) < 60) {
require_once($sourcedir . '/Subs-Auth.php');
setLoginCookie(600,$data[0],$data[1]);
}
}
What this says if the users session is about to expire in less than 1 minute when they loaded the page, then give them a extra 10 minutes of time.
It does this by reading the session data, checking it and then call setLoginCookie to reset the cookie and rewrite the session if it is stale.
That's a a neat idea!
It would be great if that could be AJAXified :) The trick works if a page was loaded before, but if a user is writing a mega-post then it might still logout when posting ;)
Zitat von: margarett in April 19, 2016, 06:25:55 NACHMITTAGS
It would be great if that could be AJAXified :) The trick works if a page was loaded before, but if a user is writing a mega-post then it might still logout when posting ;)
It would be allot more code to add for sure.
One of the problems I can foresee is the session. When the cookie data for SMF changes it invalidates the data in the SMF session. So when the cookie is set SMF destroys any old sessions and regenerates a new one.
So in order to get that to work when the AJAX calls the site to keep the user logged in, the site will have to return the session ID. If the session ID has changed then the variables in the form and possibly the JavaScript will have to be updated.
OR
We can just have a check in the post sources when the form is submitted to check if the user had any other sessions prior to making the post. We would have to store the old sessions somewhere, to validate them after the form submit. We would still need a AJAX keep alive call but will not have to return anything. This method might be the easiest, less code.
*edit
Thinking about it we might just need the AJAX keep alive call, because when the session changes it updates the cookie. I remembered something from the good old days of designing 2-SI Chat. The cookie will be sent in a AJAX call, so all we need is a listener in the post form to check the cookie.
*edit
Cancel that, I forgot about database driven sessions, It is do-able though. As for the tip/trick, I'll leave as is for now.
Maybe this is not the best place to ask this, but how do you set the login time to "Forever" in SMF 2.0.x if you login via the quick login (login2)? Is there a way (a Mod maybe) to add a "Login Forever" tick box below the login credentials in the quick login boxes?