Developer forum

Forum » Development » Extranet session timeout

Extranet session timeout

E-mail notifications
Dmitrij Jazel
Reply
Posted on 06/08/2014 10:50:28

Hej guys,

I was almost sure I could find a good answer. But could not find anything that would look prommising.

 

Just wanted to know how to extend logged in user session.

After user authenticates - I want the session to last an hour or more.

I thought that this: http://stackoverflow.com/questions/648992/session-timeout-in-asp-net could have been an answer, but DW has <authentication mode="Windows" />.

 

Otherwise maybe it's session state timeout I should increase? 

<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20" />


Replies

 
Nicolai Høeg Pedersen
Posted on 07/08/2014 10:22:26
Reply
This post has been marked as an answer

You cannot control session that good, but changing the session timeout will help. BUT - be aware that it takes up more memory on the server.

 

Another solution is to use extranet autlogin feature. That will keep users logged in for days, weeks or month if needed.

In the login form create a field named "Autologin" and set its value to true. Then the users login will be persisted or renewed whenever they return from the same computer. For how long it should be valid can be controlled by a cookie:

http://manual.dynamicweb-cms.com/Default.aspx?ID=6648 - see "Valid for (days)" cookie.

Votes for this answer: 1
 
Dmitrij Jazel
Posted on 07/08/2014 10:25:49
Reply

Hej Nicolai,

Thanks for info, I think I will give it a shot.

Will let you know how it goes...

Thanks for so far :)

 

Dmitrij

 
Dmitrij Jazel
Posted on 18/08/2014 14:59:05
Reply

Hej Nicolai,

I did those changes in User Management as you suggested. Surelly I needed them.

In addition to that, I also needed to include those fields

<input type="hidden" value="true" name="DWExtranetUsernameRemember" id="DWExtranetUsernameRemember" <!--@DWExtranetUsernameRemember--> />
<input type="hidden" value="true" name="DWExtranetPasswordRemember" id="DWExtranetPasswordRemember" <!--@DWExtranetPasswordRemember--> />

Didn't had them (forgot to include) from the start - that was my headache.

Must remember to include them now all the time.

 

Regards,

Dmitrij

 
Remi Muller
Posted on 21/08/2014 12:20:23
Reply

Hi Nicolai,

With this topic in mind. Have you guys taken a look at this feature request (in a product development meeting)?

http://developer.dynamicweb.com/forum/feature-requests/extranet-login-cookie-auto-login-for-session-and-x-days.aspx

I think i would be very helpfull if we can restore the user session as long as the login session cookie is valid.

 
Nicolai Høeg Pedersen
Posted on 22/08/2014 08:48:29
Reply

Hi Remi

No, we have not been looking at that.

If we were to keep the session and its data alive for real, that would be a major task. But we could re-login the user as long as the session cookie is valid, and some information like the cart will be reloaded into session. But all kinds of other data will be missing.

So it will be the same as using the the autologin feature. Except that would work for 1-X days, and this would work for the duration of the session cookie.

Nicolai

 
Dmitrij Jazel
Posted on 22/08/2014 11:44:17
Reply

I actually like the Nicolais aproach, and that is the way how it was used before.

IMHO server performance and stability of the system is something that is more important than ocasional extra requirenments. As long as no dramatic changes are undertaken, and feature is well known and reliable, don't see a need in changing it.

 
Remi Muller
Posted on 25/08/2014 08:36:28
Reply

"So it will be the same as using the the autologin feature. Except that would work for 1-X days, and this would work for the duration of the session cookie."
Yes Nicolai that is what i am aiming for.

I do not want additional server load of keeping 'the real' asp.net session alive. People have been using workarounds to keep the session alive but this is bad for server resources.

The advantage would be that for autologin for the session cookie we do not need to ask the user.

To use auto login for x days in a persistant cookie we can ask permission.

 
Imar Spaanjaars Dynamicweb Employee
Imar Spaanjaars
Posted on 25/08/2014 14:02:32
Reply

This sounds great as it gives you the best of both worlds.

 

Imar

 
Mikkel Toustrup Olsen
Posted on 10/03/2015 08:51:26
Reply

Hi Nicolai,

I was wondering, isn't possible to override the "Valid for (days)" cooke in x amount of hours instead of days? :-)

/MikkelTO

 
Nicolai Høeg Pedersen
Posted on 10/03/2015 10:49:07
Reply
This post has been marked as an answer

Hi Mikkel

Currently not - I've made a change for 8.6 so you can specify the valid for days as a double, i.e. 0.12 days.

Until then you can make a Notifications.Standard.User.OnAfterLogin notification subscriber with this code:

Dim cookie As HttpCookie = HttpContext.Current.Request.Cookies("DW_Extranet")
If Not cookie Is Nothing Then
 cookie.Expires = Now.AddHours(4)
End If

In 8.6.1 we also have TFS#16094 "Keeping the login alive as long as the session cookie is a live" which will keep the login a live as long as the browser is open.

BR Nicolai

Votes for this answer: 1

 

You must be logged in to post in the forum