I did a test with Joomla 3.8.0,
I set the session duration in configuration to 2 minutes,
I created a "manager" user and logged in with this user in frontend,
after 4 minutes, the super user user was no longer logged into administration, while the user manager was still logged in to the frontend.
It seems then that the frontend does not expire the session.
Session Frontend ends after 2 minutes
Frontend Session does not expire
I have tested this results also with joomla 3.6.5 and joomla 3.7.5
|Category||Front End||⇒||Authentication Front End|
I can't reproduce. I upgraded from 3.6.5 to 3.8.0, changed my session from 15 to 2 minutes, signed out and back in again, then waited about 30 because i got distracted. But when I came back to the admin panel, and went to a different page I was signed out.
If you are on a frontend page that triggers the keepalive behavior (this can be seen in the page's source, look for
keepalive.js being loaded), then it is expected that the session won't expire. Joomla core commonly loads this on pages with form actions to avoid the possibility of the "invalid token" error message (if the session expires before you've submitted the form the token wouldn't be valid because the value is stored to the session for comparison).
Logged into https://downloads.joomla.org/ backend, set session time to two minutes. Logged into the frontend, navigated to https://downloads.joomla.org/latest and verified that the keepalive behavior was not loaded. Went and read some other stuff, came back about three minutes later and navigated to another page. Checked the footer (we have some conditional code in our template that changes the "Log in" text to "Log out" when authenticated), I had been correctly logged out.
Navigating to the login page gave me the login form, not the log out button.
nirovi remember also the "login form" module is a form. Also if you are logged the login form is here.
If you use the login module in frontend the users session won't expire
Hi, for me the problem is still there. The front end session does not expire. This is for me a security problem in case the logged user is a publisher. I have in all page a log out botton. But I did not find the keepalive function. How Can I solve this behavour ?
The login module I'm using is : BT Login Module Version 2.6.1 BT
unpublish that "BT Login Module Version 2.6.1 BT" module maybe is not compatible with 3.8
and use the core login module in the meantime
also with the core login module the users session won't expire like explained by mbabker. All forms load the keepalive.js
Actually the BT Login Module does not support keepalive functionality - it does not have the line
JHtml::_('behavior.keepalive'); ie it does not force the session not to expire
Also I use this module on a few sites. I can not confirm that this module is forcing the session not to expire.
So in conclusion your issue is not with the BT Login Module
|Closed_Date||0000-00-00 00:00:00||⇒||2017-10-05 13:00:41|