Mobile Apps: Stay Logged In Until Manually Log Out

I’d like to make my app stay logged in until the user actually logs out. It currently randomly logs people out and they have to log back in, which is a pain on mobile. How can I keep the user logged in on mobile?

I have these settings …

I am thinking something like this should work … just not sure how to add it (where to put the code)?

Might be worth checking server side what your session timings are, Brad. Increase the amount of time server side and the session should/will persist for that set period. Sometimes this can override other settings you may configure. Same for cookies too. If you don’t have access to configure the server directly, you may be able to find a .htaccess hack/work-around to allow you to define the variables there to achieve the same.

You need to adjust in your php.ini:

```ini
; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
; http://php.net/session.gc-maxlifetime
session.gc_maxlifetime = 80000

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
; http://php.net/session.cookie-lifetime
session.cookie_lifetime = 31557600
```

And restart the httpd instance.

We also do this on the login page, for example. Have a check-exists action to see if a session exists; if it does, forward to the desired area (saves the user logging in again)… If unauthorized (ahhh hate Z’s should be unauthorised, petty I know hahaha), redirect to prompt for login.
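To see what the php.ini values quoted above work out to in practice, here is a small Python audit added as an example (it is not code from anyone in this thread). `SAMPLE_INI` is constructed from the two quoted values, the function names are made up here, and the cookie-flag checks go beyond what the thread discusses: they cover PHP's standard `session.cookie_secure`, `session.cookie_httponly`, `session.cookie_samesite` and `session.use_strict_mode` directives, which matter more once a session cookie lives for a year.

```python
import re

# Constructed sample: only the two values quoted in the thread are set.
SAMPLE_INI = """\
session.gc_maxlifetime = 80000
session.cookie_lifetime = 31557600
"""

# PHP's built-in defaults for session directives a file leaves unset.
DEFAULTS = {
    "session.gc_maxlifetime": "1440",
    "session.cookie_lifetime": "0",
    "session.cookie_secure": "0",
    "session.cookie_httponly": "0",
    "session.cookie_samesite": "",
    "session.use_strict_mode": "0",
}
ON = {"1", "on", "true", "yes"}

def parse_session_ini(text):
    """Collect session.* directives from php.ini text (last one wins)."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # strip ; comments
        m = re.match(r"(session\.\w+)\s*=\s*(.*)$", line)
        if m:
            conf[m.group(1)] = m.group(2).strip().strip("\"'")
    return conf

def audit(text):
    conf = parse_session_ini(text)
    gc = int(conf["session.gc_maxlifetime"])
    cookie = int(conf["session.cookie_lifetime"])
    findings = []
    if cookie == 0:
        findings.append("session cookie is dropped when the browser closes")
    elif cookie > gc:
        findings.append(f"cookie outlives server data; idle sessions collectable after {gc}s")
    for key in ("session.cookie_secure", "session.cookie_httponly",
                "session.use_strict_mode"):
        if conf[key].lower() not in ON:
            findings.append(f"{key} is off")
    if conf["session.cookie_samesite"].lower() not in {"lax", "strict"}:
        findings.append("session.cookie_samesite is not Lax or Strict")
    # Past this idle time the login may be gone: data collectable or cookie expired.
    idle_limit = gc if cookie == 0 else min(gc, cookie)
    return idle_limit, findings

if __name__ == "__main__": print(audit(SAMPLE_INI))
```

For the quoted values the idle limit comes out at 80000 seconds, because server-side session data becomes eligible for garbage collection long before the one-year cookie expires.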

Thanks Dave,

Do you do this with an action scheduler?

No, not necessary. But you could use a scheduler action to refresh the client's credentials every 20 minutes or so while they are in their user area, for example...

It's simple:

We have an index.html file with two dynamic actions based upon a response. This index page calls to see if a user profile exists for the user, which, if the session is alive, should exist; otherwise it's unauthorised (security provider attached to the user profile action in Server Connect, so it returns either success or unauthorised). In the index page (dynamic actions for the user profile) the redirects are based upon this return. So if unauthorised, redirect to index_login.html (or you could use a show/hide div with a login form, but we prefer to see the redirects for logging/monitoring), and if it does exist, forward to the designated user area. No more complicated than that really...

:slight_smile:

Theoretically when the user opens your application and it calls the index.html page the above happens saving users from repeatedly logging in as they are directed straight to their user area…

Hope that makes some sense!

:smiley:

Yeah, I use this method. I want to try the .htaccess method. Question is would the .htaccess file go in the app or the API site?

API site, Brad, as that is where the sessions are being created.


Well that certainly makes things easier. I will give that a try and hopefully it helps.

Thank you so much again.
