[#31269] - [3.9] User still listed as logged in after Session Time
- Closed
- 12 Nov 2022
- Medium
- Build: 3.9.22
- # 31269
Trying to make my life easy, I enabled Shared Sessions: Yes in Backend with a default Session Lifetime of 15 Minutes.
Already seen that there are Sessions listed under Logged-In Users for my Account,
I think that this should not happen with a Session lifetime of 15 Minutes.
Steps to reproduce the issue
-
Set Session Lifetime to default (15 Min) or another small value.
-
Set Shared Session: to Yes
-
To be sure, set Session Handler to PHP
-
Save settings and logout
-
Login back into backend and check Frontend that youre logged in there too (by enabling Frontend editing for example).
-
Log out and wait longer to be sure that Session Lifetime expired
-
Login back into backend and recognize that you're still listed under Logged-In Users with your (expired?) session.
Expected result
No listed Logged-In Users after Session Lifetime is expired in Backend.
Actual result
Sessions of several days are still listed as logged in under Logged-In Users in Backend
System information (as much as possible)
Setting Value
PHP Built On Linux www39.your-server.de 4.19.0-12-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64
Database Type mysql
Database Version 5.7.32-1
Database Collation utf8_general_ci
Database Connection Collation utf8mb4_general_ci
PHP Version 7.4.11
Web Server Apache
WebServer to PHP Interface cgi-fcgi
Joomla! Version Joomla! 3.9.22 Stable [ Amani ] 6-October-2020 15:00 GMT
Joomla! Platform Version Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT
User Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
Additional comments
The List of Logged-In Users (Sessions) seems also not be sorted by the Timestamp.
joomla-cms-bot
- 
Isn't that the job of plugin "System - Session Data Purge" where you have settings for session data cleanup?
I just can say, that the behaviour before I changed to Share Session to Yes, was different and I saw only my own session (current), when I was logged in.
When I click on delete icon, no matter how old, I get logged out of the backend and the sessions listed were deleted.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/31269.
My expectation is, a) Session time is responsible for all sessions.
b) when I want to delete an older Session, I do not get logged out of the current one.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/31269.
@ReLater :
Isn't that the job of plugin "System - Session Data Purge" where you have settings for session data cleanup?
That is not a what I wanted and have an issue with it.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/31269.
That is not a what I wanted and have an issue with it.
Yes. I've understood that meanwhile with your later addition "I get logged out of the backend".
jwaisner
- | Labels |
Added:
J3 Issue
|
||
| Labels |
Added:
No Code Attached Yet
J4 Issue
Removed: J3 Issue ? |
||
I think this is not a real issue since in the action log only real user actions are logged - expired sessions are not, but i agree that the title "Logged-in users" is not accurate - expired sessions are not taken into consideration - same behaviour in Joomla 4
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/31269.
i agree let's close this
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2022-11-12 14:48:58 |
| Closed_By | ⇒ | alikon |
Backend should be added as well to the Categories, because the Logged-In Users are on default only visible there.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/31269.