News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

what constitutes and 'unused session' in the server settings?

Started by rcane, December 18, 2024, 06:57:44 PM

Previous topic - Next topic

rcane

I was just experimenting with the session times and set it stupidly low, but when i toggled over to that browser (different browser all together that I left untouched) to click "something" it just stayed logged in.


Arantor

You really should put that back to what it was.

When you visit the site, if you were logged in, you will either have a current session or you will have a cookie that contains enough information to regenerate the session. The session will last for (usually) 20 minutes from the last time you clicked on the website (potentially up to 60 if you are in admin)

Aside from the fact that regenerating a session from nothing is more computationally expensive than having a session (assuming people do more than just login but actually click around while logged in), the key point is that while logged in, there are certain checks made for actions that rely on the current session to avoid falsifying access.

In particular, if you start writing a post, and it takes you sufficiently long that you run out of the active session (so, you take half an hour writing a post), writing a post will fail with an error message because your session is no longer valid.

The session will be regenerated - but it will fail at validating for actions because part of the data sent during most data-changing actions isn't just the cookie but the current session data to verify that it's still you doing something.
Holder of controversial views, all of which my own.


rcane

Yeah I put it back right away.  It was 3000.

I was just curious if moving a mouse qualified or need it be clicks and such.

Thanks for the good description.

Sir Osis of Liver

I've had the experience several times of sessions timing out on 2.0 forums after just a minute or two while typing a post.  Doesn't happen often, but does happen.
When in Emor, do as the Snamors.
                              - D. Lister

Arantor

2.0 had instances where that could screw you up if previous page transitions didn't count towards regenerating the session, but that shouldn't happen as often in 2.1 because there's some database changes to help with that.

One side fact, on a writing forum I participate on this is a much bigger problem - it's easily needed to be more than 20 minutes, but we mostly solved this on our side with making sure auto saving draft posts were enabled (2.1) because the saving of a post refreshes the session in that respect.
Holder of controversial views, all of which my own.


Sir Osis of Liver

When in Emor, do as the Snamors.
                              - D. Lister

Arantor

Quote from: Sir Osis of Liver on December 18, 2024, 08:45:39 PMDon't think I've ever seen it in 2.1, and never here.


That's because it's behind multiple layers of configuration.

There's a master option for drafts on/off, one for whether drafts auto save or not, and then there's a user choice to turn on auto saving which is off by default. And it's permission related.

One of the best features IMO in 2.1 that no-one uses because you probably don't even know it's there and even if it is there, it's off.

E.g. it's not available in this board but it is in Chit Chat for manual saving. But that's limited help when you have auto saving off in your profile.

(Also: it doesn't save attachments meaning if you use the embed option, that's going to end poorly because I'm pretty sure drafts were entirely forgotten in that part of the thinking.)
Holder of controversial views, all of which my own.


Kindred

I think Sir Osis was saying that he never saw the "loss of session" error in 2.1
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

I assumed he meant he'd never seen draft functionality here because it is in fact, mostly off by default.

Also worth noting that the session behaviours here are not consistent with SMF baseline and behaviours here should never, ever be relied upon to compare against.
Holder of controversial views, all of which my own.


Sir Osis of Liver

Quote from: Kindred on December 19, 2024, 10:41:07 AMI think Sir Osis was saying that he never saw the "loss of session" error in 2.1

Yes, that's what I meant.  Don't remember the text of the error, but something to the effect that session had timed out.  Have only seen it on my own 2.0 forums, and couple of client forums.  Never in 2.1.  That might indicate it's server related.

When in Emor, do as the Snamors.
                              - D. Lister

Advertisement: