如何延长 Concrete5 CMS (v5.7) 中的默认会话持续时间?感觉就像我必须过于频繁地再次登录。
1125 次
1 回答
1
我发现实现此目的的一种方法是修改内部的会话处理设置/application/config/concrete.php:
return [
//----------------------- SUPER LONG SESSIONS -------------------------
// We want to extend the session cookie to last for 4 months
// so that users are not bugged for their password all the time.
// WARNING: This does reduce security and potentially increase the chance of
// session-hijacking but if you're willing to make the trade-off, here goes
'session' => [
'name' => 'CONCRETE5',
'handler' => 'file',
// We'll use our own specific save_path so that others on our
// server don't garbage-collect our sessions
'save_path' => DIR_APPLICATION . '/files/tmp/sessions',
// 40 days (in seconds). This is a timeout value.
// If session is not used for 40 days, it is likely to be garbage collected
'max_lifetime' => 3456000,
'cookie' => [
'cookie_path' => false,
// This defaults to 0 which is a session cookie
// (ends when browser is closed)
// Extending to last 4 months (in seconds). Cookie will span multiple
// browser restarts up until this max value, and then user will be forced
// to login again (yes, even in the middle of a session, beware!)
'cookie_lifetime' => 10510000,
'cookie_domain' => false,
'cookie_secure' => false,
'cookie_httponly' => true
]
],
// Browser user-agents and IP addresses may change within that time
// so we will disable strict checking for those
'security' => [
'session' => [
'invalidate_on_user_agent_mismatch' => false,
'invalidate_on_ip_mismatch' => false
],
]
];
旁注:
成员所属的特定组存储在会话中,并且仅在登录时或在仪表板中更改某些权限时才会刷新。发生这种情况时,Concrete5 会自动更新 中的时间戳/application/config/generated_overrides/concrete.php,但如果您想在会话中强制刷新用户的权限,您也可以手动执行此操作:
return array(
...
'misc' => array(
'access_entity_updated' => 1453869371,
),
于 2016-01-25T06:59:17.740 回答