如何在Concrete5 CMS(v5.7)中延长会话的默认持续时间?感觉我必须经常再次登录。
答案 0 :(得分:1)
我发现实现此目的的一种方法是修改/application/config/concrete.php:
return [
//----------------------- SUPER LONG SESSIONS -------------------------
// We want to extend the session cookie to last for 4 months
// so that users are not bugged for their password all the time.
// WARNING: This does reduce security and potentially increase the chance of
// session-hijacking but if you're willing to make the trade-off, here goes
'session' => [
'name' => 'CONCRETE5',
'handler' => 'file',
// We'll use our own specific save_path so that others on our
// server don't garbage-collect our sessions
'save_path' => DIR_APPLICATION . '/files/tmp/sessions',
// 40 days (in seconds). This is a timeout value.
// If session is not used for 40 days, it is likely to be garbage collected
'max_lifetime' => 3456000,
'cookie' => [
'cookie_path' => false,
// This defaults to 0 which is a session cookie
// (ends when browser is closed)
// Extending to last 4 months (in seconds). Cookie will span multiple
// browser restarts up until this max value, and then user will be forced
// to login again (yes, even in the middle of a session, beware!)
'cookie_lifetime' => 10510000,
'cookie_domain' => false,
'cookie_secure' => false,
'cookie_httponly' => true
]
],
// Browser user-agents and IP addresses may change within that time
// so we will disable strict checking for those
'security' => [
'session' => [
'invalidate_on_user_agent_mismatch' => false,
'invalidate_on_ip_mismatch' => false
],
]
];
旁注:
成员所属的特定组存储在会话中,仅在登录时刷新,或者在仪表板中更改某些权限时刷新。发生这种情况时,Concrete5会自动更新/application/config/generated_overrides/concrete.php中的时间戳,但如果您想在会话中强制刷新用户权限,也可以手动执行此操作:
return array(
...
'misc' => array(
'access_entity_updated' => 1453869371,
),