Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum
https://www.tinywebgallery.com/forum/

Invalid Token - User not logging out or timing out
https://www.tinywebgallery.com/forum/viewtopic.php?f=13&t=3797

Author:  Cpointcc [ 6. Feb 2015, 21:09 ]
Post subject:  Invalid Token - User not logging out or timing out

I have a client who has checked his Joomla login on the front end to be remembered. When he logs into the uploader manager from the front, many times he will leave the screen open and inactive. Also he states that he is not logging out and just closes the browser.

The Issue: The global configuration is set to log off after 15 minutes of inactivity, yet with the password remembered and closing the browser he is able to revisit the uploader without a login and stay active even after the default Joomla log off time. He said he never has to re-log in, yet when he does try to log off it gives him the Invalid Token Message. I explained that between the inactive time and the browser cache that is possible. However this clearly shows a security issue.

How can I explain this better or prevent the invalid token message?

Author:  Cpointcc [ 11. Feb 2015, 16:16 ]
Post subject:  Re: Invalid Token - User not logging out or timing out

Does anyone know how to help me address this issue?

Author:  TinyWebGallery [ 11. Feb 2015, 17:01 ]
Post subject:  Re: Invalid Token - User not logging out or timing out

The flash tries to keep the login alive because uploads can last longer than 15 min.
But if he closes the browser the session should be gone.

How is the Joomla session set?

Best, Michael

Author:  Cpointcc [ 11. Feb 2015, 17:21 ]
Post subject:  Re: Invalid Token - User not logging out or timing out

Customer's discussion: Just to let you know. As discussed yesterday, I did simply close my website “window” while still logged in yesterday morning. I would have expected the site to “time me out”. When I went back to the site this evening I found that I was still logged in and had access to web portal folders without the need to type in a login or password. Furthermore, as previously discussed, when I attempted to log out it was not allowed as the screen went completely white with the words “invalid token” in the upper left-hand corner.

To make a long story short: the site is doing the exact same thing as previously described.

The current settings for the global config are: caching off, session lifetime: 15, session handler: none.

JFUploader version 3.2.2

Author:  TinyWebGallery [ 11. Feb 2015, 17:26 ]
Post subject:  Re: Invalid Token - User not logging out or timing out

You were still logged into Joomla as well?

Author:  Cpointcc [ 11. Feb 2015, 17:45 ]
Post subject:  Re: Invalid Token - User not logging out or timing out

The customer is logging in from the front end. I am logged in to the front end with his user/pass and logged into the back end with my own admin, and it does not show the visitor logged in. When I refresh the admin it shows 0 users logged in. Then after I refreshed again it shows 1 admin.

I am able to see the front end editing tools as well.

Attachment:
screenshot showing no users logged in but 1 each are.jpg

Author:  TinyWebGallery [ 11. Feb 2015, 21:37 ]
Post subject:  Re: Invalid Token - User not logging out or timing out

So you talk about Joomla login. How should the flash uploader be related to this?

Author:  Cpointcc [ 13. Feb 2015, 16:35 ]
Post subject:  Re: Invalid Token - User not logging out or timing out

Yes, I can understand why you would ask that. My question is this: would the Joomla login settings/credentials be overridden by the JFUploader settings? I am trying to troubleshoot the issue and looking for any support I can get. I guess since my client and I were only recognizing it during the usage with JFUploader tools I assumed it was originating there. If you confirm that is impossible I will look to the Joomla forum directly.

Author:  Cpointcc [ 13. Feb 2015, 16:51 ]
Post subject:  Re: Invalid Token - User not logging out or timing out

Here is what I found googling "joomla session timeout not working on front end":

Many Joomla pages (especially those with a form) will run a 'keepalive' javascript that periodically hits the server, keeping your session alive. This is because you wouldn't want your session to timeout while you were in the middle of filling out a form.

If you really want to disable this feature, there's a line in components/com_users/views/profile/tmpl/edit.php like: JHtml::_('behavior.keepalive');. You can remove that (or better, override the template file and remove it there) and your users will inconveniently time out even if they are trying to fill out a form.

So is the component keeping the user alive?

Author:  TinyWebGallery [ 13. Feb 2015, 17:03 ]
Post subject:  Re: Invalid Token - User not logging out or timing out

Yes - I use this too. But only if you stay on the page.

Author:  Cpointcc [ 13. Feb 2015, 18:38 ]
Post subject:  Re: Invalid Token - User not logging out or timing out

Do you recommend using the suggestion or have any other ideas on how to force the logout as expected?

Author:  TinyWebGallery [ 13. Feb 2015, 18:45 ]
Post subject:  Re: Invalid Token - User not logging out or timing out

This would not work. You would have to disable this in the component.

Search for
behavior.keepalive
in the code of JFUploader and then you find 2 places. One for the admin section and one for the frontend. Simply remove the whole line.

Best, Michael
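
The search described in the last reply, as an added example that is not part of the original thread and is not JFUploader's own code: a shell function that lists every active behavior.keepalive call below a directory and skips lines that are already commented out. The function names and the sample tree are constructed for illustration; pass your own component folder as the first argument.

```shell
#!/usr/bin/env bash
# Added example: audit a Joomla extension for active session keepalive calls.

# Print "file:line:code" for every active behavior.keepalive call below $1.
# Commented-out lines (//, #, /* or * prefix) are skipped; the match is
# case-insensitive because older extensions write JHTML instead of JHtml.
find_keepalive() {
    grep -rniE --include='*.php' \
        "JHtml::_\([[:space:]]*['\"]behavior\.keepalive['\"]" "$1" 2>/dev/null \
      | grep -vE '^[^:]+:[0-9]+:[[:space:]]*(//|#|/\*|\*)' \
      | sort
}

# Number of active calls below $1 (prints 0 when there are none).
count_keepalive() {
    find_keepalive "$1" | grep -c . || true
}

# Constructed sample tree (not real JFUploader files): two active calls,
# one for the admin side and one for the frontend, plus one disabled call.
make_sample_tree() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/admin" "$d/site"
    printf '%s\n' '<?php' "JHTML::_('behavior.keepalive');" > "$d/admin/view.php"
    printf '%s\n' '<?php' 'defined("_JEXEC") or die;' \
        "JHtml::_('behavior.keepalive');" > "$d/site/view.php"
    printf '%s\n' '<?php' "// JHtml::_('behavior.keepalive');" > "$d/site/old.php"
    echo "$d"
}

# Scan the directory given as $1, or the constructed sample when none is given.
target="${1:-$(make_sample_tree)}"
find_keepalive "$target"
echo "active keepalive calls: $(count_keepalive "$target")"
```

Re-running the scan after editing the files confirms that no active call is left; the session lifetime from the global configuration then applies to pages of that component.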

All times are UTC + 1 hour [ DST ]