Hi,
we just noticed, that if a user is logged in, and they close the browser and restart it that the session is still active and the user is still logged in ?
it appears the session is not destroyed when the browser is closed.
No, it won't. Have you enabled "remember me" when you log in?
i don't have that option even visible on the login screen.
I'll try clearing out my temp directory and cache
sticcino wrote:
it appears the session is not destroyed when the browser is closed.
Indeed. That's why there is a EW_USER_PROFILE_SESSION_TIMEOUT constant in the generated "ewcfg*.php" file. You may simply adjust the value of this constant, so that for such case, the session will be destroyed after that timeout value is exceeded. Please correct me if I'm wrong.
If you enabled "Remember me" (Security Tab -> Login Option) the SESSION is still there after browser closed.
The SESSION, then, destroyed after session timeout.
To adjust session timeout value:
Security Tab -> Advanced button -> User Login Options -> Login -> Login status timeout (minutes)
This is for concurrent login.
Session timeout is on:
Tools -> Advanced Settings -> Session timeout period (minutes)
You should also have to set session keep alive interval larger than 0. Refer to help file for more details.
These settings also goes to cookie. Try to clear your browser cookie if things didn't work as expected.