SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

[TIP/TRICK] Auto Renew Sessions

Started by nend, April 19, 2016, 03:21:53 PM

Previous topic - Next topic


Ok, we been there, on a forum and have a set amount of log in time, only to find out when you go to post your log in cookie expired and now you have to log back in.

What this hack does is checks if the log in is about to expire and gives the user some more time.

In Load.php
// This is a logged in user, so definitely not a spider.
$user_info['possibly_robot'] = false;

Add After
// Keep the cookie fresh if it is getting stale, add 10 minutes.
if (isset($_SESSION['login_' . $cookiename])) {
$data = unserialize($_SESSION['login_' . $cookiename]);
if (($data[2]-time()) < 60) {
require_once($sourcedir . '/Subs-Auth.php');

What this says if the users session is about to expire in less than 1 minute when they loaded the page, then give them a extra 10 minutes of time.

It does this by reading the session data, checking it and then call setLoginCookie to reset the cookie and rewrite the session if it is stale.


Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more! -  Paid Modifications for SMF

EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro


It would be great if that could be AJAXified :) The trick works if a page was loaded before, but if a user is writing a mega-post then it might still logout when posting ;)
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair


Quote from: margarett on April 19, 2016, 06:25:55 PM
It would be great if that could be AJAXified :) The trick works if a page was loaded before, but if a user is writing a mega-post then it might still logout when posting ;)

It would be allot more code to add for sure.

One of the problems I can foresee is the session. When the cookie data for SMF changes it invalidates the data in the SMF session. So when the cookie is set SMF destroys any old sessions and regenerates a new one.

So in order to get that to work when the AJAX calls the site to keep the user logged in, the site will have to return the session ID. If the session ID has changed then the variables in the form and possibly the JavaScript will have to be updated.


We can just have a check in the post sources when the form is submitted to check if the user had any other sessions prior to making the post. We would have to store the old sessions somewhere, to validate them after the form submit. We would still need a AJAX keep alive call but will not have to return anything. This method might be the easiest, less code.


Thinking about it we might just need the AJAX keep alive call, because when the session changes it updates the cookie. I remembered something from the good old days of designing 2-SI Chat. The cookie will be sent in a AJAX call, so all we need is a listener in the post form to check the cookie.


Cancel that, I forgot about database driven sessions, It is do-able though. As for the tip/trick, I'll leave as is for now.


Maybe this is not the best place to ask this, but how do you set the login time to "Forever" in SMF 2.0.x if you login via the quick login (login2)? Is there a way (a Mod maybe) to add a "Login Forever" tick box below the login credentials in the quick login boxes?
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."