Developer forum

Forum » Templates » Automatic log-out extranet after session-timeout

Automatic log-out extranet after session-timeout

Michael Fløe Haug
Reply

According to Nets security demands, a webshop extranet user should be logged out automatically if the user has been inactive for the time of the session-timeout (or other time set). This is not happening in DW today. Maybe it can be implemented in the template?


Replies

 
Nicolai Pedersen
Reply

Hi Michael

I've never heard that one before - if you have a link I would appreciate it - so we can make it controllable to that level. What if a user have a remember username and password checkbox? Is that not allowed either? Or if the browser remembers the username or password?

Dynamicweb will keep the login cookie alive for as long as the browser is open - but the session will still expire, but trigger a new silent login if that happens.

To change the expiration of that cookie to 20 mins, you can add this snippet to the end of your master/layout template.

            //Change expiration of the login cookie
            Dynamicweb.Environment.Cookie cookie = Dynamicweb.Context.Current.Request.Cookies["DW_ExtranetSessionCookie"];
            if (cookie != null)
            {
                cookie.Expires = System.DateTime.Now.AddMinutes(20);
                Dynamicweb.Environment.CookieManager.UpdateCookie(cookie);
            }

Thanks, Nicolai

 
Michael Fløe Haug
Reply

Thanx Nicolai, I will try your snippet on the solution.

I have a link https://www.nets.eu/globalassets/documents/denmark/in-danish/teller_terms_dk_300915_1059pdf

18.3 Sikkerhedskrav

Michael

 
Alexander Tømmerholen
Reply

Hello,

Is the code above still best practice to log off user after x amount of time has passed? or has there been any changes? We have a customer where they want users to be logged off after 5 mins, because of security reasons. When I tried the code above I was not able to make it work. The solution are running on the newest version of dynamicweb.

Best Regards
Alexander

 
Imar Spaanjaars Dynamicweb Employee
Imar Spaanjaars
Reply

I have the same question as Alexander: is this still the way to do it? I have a requirement that the user should be logged off after 15 minutes of inactivity. We set the session timeout to 15, but as stated above, it creates a new session silently.

 

 
Nicolai Pedersen Dynamicweb Employee
Nicolai Pedersen
Reply

Current version of Dynamicweb 9 have a login cookie that cannot be set to less than one day, so yes.

If you do not set the Autologin to true as part of the login, it probably also do not log you in again when session dies.

 
Imar Spaanjaars Dynamicweb Employee
Imar Spaanjaars
Reply

We tried that bit it still creates a cookie with a long lifetime, and it logs the user back in and creates a session after the timeout. We'll go with the code route and see how that works.

Thanks!

Imar

 

You must be logged in to post in the forum