This question about Configuration: Answered

Session Expiration Handling

Our wiki is read-mostly. Only a small handful of users have edit access.

We do not want to have to log in again unless we have quit the browser and/or rebooted the computer!

According to /bin/configure:
For best performance, you can set ={Sessions}{ExpireAfter}= to a negative number, which will mean that Foswiki won't try to clean up expired sessions using CGI processes. Instead you should use a cron job to clean up expired sessions.

That only says that FW won't try to clean up expired sessions. It implies that sessions will still expire.

I tried setting {Sessions}{ExpireAfter} to 9999999 but RichMorin is getting the login request window now several times a day, so either 9999999 is too large or... something is wrong.

If I use a negative number, will that also prevent expiration of sessions? Will it allow us to log in and work and keep working for days without needing to log in again?

RichMorin is getting several "something suspicious has occurred" nastygrams every day; at least a few of these require him to log in (and retrieve the previous edit session). This is wrong...

-- VickiBrown - 09 Feb 2016

Check {Sessions}{ExpireCookiesAfter} as well. The browser simply may have decided that the cookie is outdated. It then asks for a new one which results in a new session object being created on the server.

That is:

  • The session object on the server is controlled by {Sessions}{ExpireAfter}
  • The cookie in the user's browser is controlled by {Sessions}{ExpireCookiesAfter}

You will need to log in again when either of them expired.

-- MichaelDaum - 09 Feb 2016

QuestionForm edit

Subject Configuration
Version Foswiki 2.1.0
Status Answered
Related Topics
Topic revision: r4 - 09 Feb 2016, MichaelDaum - This page was cached on 03 Jun 2017 - 09:13.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License