Home > Fluid Dynamics Search Engine > Help > 1078

Security: Controlling the session timeout value

When you log in to the admin page, you will be granted a time-stamped authentication token. The token will be stored either in a temporary session cookie (preferred) or in the query string (if your browser does not support cookies). By default, your token will be valid for 60 minutes. After that time, you will have to enter your username and password again.

The admin page will transparently re-issue a fresh token if you make a request during the last 1/6 of your session time. Thus, if you have 60-minute sessions, you will receive the transparent update during the last 10 minutes. Thus, for an active session, you should be able to use the script for a very long time without having to log in again. Your session will expire only after 60 minutes of being logged in, with the last 10 minutes inactive.

To control the session timeout interval:

  1. Log in to the Admin Page

  2. Choose "Personal Settings"

  3. Under "Security Settings", enter the desired number of minutes under "Session Timeout".

  4. If you do not wish to update your password, you may simply leave all of the password-related fields blank.

  5. Submit the form

To further customize this behavior, edit subroutine Authenticate in searchmods/common_admin.pl. This subroutine is called with each admin request. It will check for either a valid token, or a valid username/password pair. If neither are found, it will challenge for credentials.


    "Security: Controlling the session timeout value"
    http://www.xav.com/scripts/search/help/1078.html