Hello everyone,
Happy new year!
I found that my admin account cannot be automatically log out in the following cases, such as: network disconnection/ device shutdown/ IP change/Close the browser/ close admin page.
How to make it as safe as cPanel? As long as there is any change in the login conditions, it will automatically log out and request to log in again.
Many Thanks!
You can perhaps add your custom code to admin/controller/common/header.php or admin/controller/startup/startup.php
HuntBee OpenCart Services
https://www.huntbee.com
What web browser? Some of the cases could be down to browser settings. For example if you have "On start-up" set to "Continue where you left off" in Chrome. Chrome will not delete session cookies on close.moco123 wrote: ↑Wed Jan 06, 2021 10:22 amHello everyone,
Happy new year!
I found that my admin account cannot be automatically log out in the following cases, such as: network disconnection/ device shutdown/ IP change/Close the browser/ close admin page.
How to make it as safe as cPanel? As long as there is any change in the login conditions, it will automatically log out and request to log in again.
Many Thanks!
Thanks for your reply.
I think it’s not browser setting issue. Under the same conditions, cPanel has no such problem.
I tried to set header.php/startup.php, but them didn't work.
I am not good at code. Could some friends give me some ideas?
Many Thanks!
I think it’s not browser setting issue. Under the same conditions, cPanel has no such problem.
I tried to set header.php/startup.php, but them didn't work.
I am not good at code. Could some friends give me some ideas?
Many Thanks!
It would be helpful if you posted your OpenCart and PHP versions and the theme you are using.
For device shutdown / close the browser / close admin page, check in your browser's developer console that OCSESSID is a actually a session cookie. Web browsers should delete all session cookies on close. I tested 3.0.3.x and OpenCart, which behaved exactly the same as cPanel. If it doesn't for you, it could be due to a modification or your theme.
You may want to implement this fix that stops expired session from being read, which could help.
https://github.com/opencart/opencart/pull/6613/files
For the others your probably want to save $this->request->server['REMOTE_ADDR'] in the session. Similar to to the user_token.
https://github.com/opencart/opencart/bl ... in.php#L15
Then check it is the same at startup. Again similar to to the user_token.
https://github.com/opencart/opencart/bl ... hp#L29-L35
You may want to implement this fix that stops expired session from being read, which could help.
https://github.com/opencart/opencart/pull/6613/files
For the others your probably want to save $this->request->server['REMOTE_ADDR'] in the session. Similar to to the user_token.
https://github.com/opencart/opencart/bl ... in.php#L15
Then check it is the same at startup. Again similar to to the user_token.
https://github.com/opencart/opencart/bl ... hp#L29-L35
Who is online
Users browsing this forum: No registered users and 5 guests
