Hi, I’m trying to improve the security of my site adding a timeout for the session, how can I do ?
Hello @Nicolas_Aguirre_Espi,
You should be able to do this in in the config.inc.php
file - by specifying the session.gc_maxlifetime
setting.
-Roger
PKP Team
I was looking in theconfig.inc.php
file but this setting doesn’t exist o can I add manually in the file o what can I do? , also I have to say that I’m doing an upgrade of OJS 3.1.1.4 to 3.3.0.8
Sorry - my mistake. I think this was in older versions of the config.inc.php
file, but may have since been removed. You can still set the ‘session_check_ip’ setting to On, as a security improvement, but I don’t know that you can set a time limit - I’ll look into that for you and let you know.
-Roger
PKP Team
Thank you, I will wait for your news
So, there are a few options here:
- there is the
session_lifetime
which you can set regarding how long cookies are retained. I think, however, you can only set this in terms of days, however. - There is also the option in the administration settings that you can use, to expire user sessions manually: Administration > Administrative Functions > Expire User Sessions
Not entirely sure if that’s exactly what you’re looking for, but those are the main “out-of-the-box” options for this type of setting, so far as I know,
-Roger
PKP Team
Thank you for your help
This topic was automatically closed after 6 days. New replies are no longer allowed.