• decola
  • Junior Member
  • Offline
  • Registered: 2009-09-13
  • Posts: 4

Topic: My dream? Disabling visit timeout

Hi all.
I am integrating PunBB to the webapp I am developing. Quite smooth job luckily. I like PunBB very much.

I have just one single problem. In my webapp the user session lasts until the browser is closed.
In PunBB there is the 'Visit Timeout' setting that logs out the user automatically after x seconds.

Is there a way to disable this behaviour? I would like the user session to end when the user closes their browser. It is very important in my system.
I haven't found the way.

I am even ready to hack the code.
I think I should change the function forum_setcookie. Indeed, I should set $expire to 0 if its value is time() + $forum_config['o_timeout_visit'] (actually it is a bit trickier than that.)

Can you guys help me, please?
Dan

  • Registered: 2009-09-14
  • Posts: 3

Re: My dream? Disabling visit timeout

I have a similar issue and am listening for replies,

Pete

  • Slavok
  • PunBB Developer
  • Offline
  • From: Russia
  • Registered: 2008-06-11
  • Posts: 1,238

Re: My dream? Disabling visit timeout

You don't need to edit the function "forum_setcookie". You need to find where this function is called in the core and set the expiry time to 0 (the files "<FORUM_ROOT>/include/functions.php", "<FORUM_ROOT>login.php", "<FORUM_ROOT>profile.php", "<FORUM_ROOT>register.php").

Slavok's Website

4 Reply by decola (edited by decola 2009-09-14 10:03)

  • decola
  • Junior Member
  • Offline
  • Registered: 2009-09-13
  • Posts: 4

Re: My dream? Disabling visit timeout

Slavok wrote:

You don't need to edit the function "forum_setcookie". You need to find where this function is called in the core and set the expiry time to 0 (the files "<FORUM_ROOT>/include/functions.php", "<FORUM_ROOT>login.php", "<FORUM_ROOT>profile.php", "<FORUM_ROOT>register.php").

Thanks Slavok very much.
Yes, I did a grep and I found those four files. But I think it is better to do a centralize hack rather than 4/5 hacks all across the code (they could become more in a new version).
And don't forget we need not to break the rememberme facility.

Instead, I was thinking to add this at the beginning of forum_setcookie():

    global $forum_config;
    // if ($expire == time() + $forum_config['o_timeout_visit']) // this is the condition in theory...
    // ...but the value returned by time() may change in different points of the code. Then:
    $time_threshold = time() + $forum_config['o_timeout_visit'];
    if ( ($expire >=  $time_threshold-3) && $expire <=  $time_threshold+3 ) // 3 secs of safety net
      $expire = 0;

I have tried it and seems to work OK.
What do you all  think?

  • decola
  • Junior Member
  • Offline
  • Registered: 2009-09-13
  • Posts: 4

Re: My dream? Disabling visit timeout

I have just realised there is this hook call in the forum_setcookie:
fn_forum_setcookie_start

I can use that without even hacking the code. Am I right?
Hooks are so beautiful! smile

  • Slavok
  • PunBB Developer
  • Offline
  • From: Russia
  • Registered: 2008-06-11
  • Posts: 1,238

Re: My dream? Disabling visit timeout

decola wrote:

I have just realised there is this hook call in the forum_setcookie:
fn_forum_setcookie_start

I can use that without even hacking the code. Am I right?
Hooks are so beautiful! smile

Yes, you are right. The hook will look like:

<hook id="fn_forum_setcookie_start"><![CDATA[
      global $forum_config;
      $time_threshold = time() + $forum_config['o_timeout_visit'];
      if ( ($expire >=  $time_threshold-3) && $expire <=  $time_threshold+3 ) // 3 secs of safety net
         $expire = 0;
    // Enable sending of a P3P header
    header('P3P: CP="CUR ADM"');

    if (version_compare(PHP_VERSION, '5.2.0', '>='))
        setcookie($name, $value, $expire, $cookie_path, $cookie_domain, $cookie_secure, true);
    else
        setcookie($name, $value, $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure);
    return TRUE;
]]></hook>

Slavok's Website

  • decola
  • Junior Member
  • Offline
  • Registered: 2009-09-13
  • Posts: 4

Re: My dream? Disabling visit timeout

Slavok, many thanks for your very valuable help.