Up until now, BlueBox2.0 has had a user-session length control in the configuration file. This applied to all users of the system. If left at zero it would mean that a user's session would never expire and if set to a number, that would represent the number of minutes that a session would last for.
Now there is a field in the bb_user table called session_force_timeout_minutesNUM which allows you to set the session-life per user. Once set, on next login the specific user will have a forced logout after the number of minutes specified.
A handy implementation of this would be to add the following checkbox to the standard login form -
<input type=checkbox name=global[fields][session_force_timeout_minutesNUM] value=3>
This would instruct the security wrapper to updated the account with the specified number of minutes if the box was checked.
No comments:
Post a Comment