Skip to main content
Able to set cookie session to zero Started by AaronB · · Read 3353 times 0 Members and 1 Guest are viewing this topic. previous topic - next topic

Able to set cookie session to zero

Az humanz are  stoopid    :)  .... being able to set the cookie session to '0' is likely not a good idea.

When using the 'menu bar' button to log in, the login box then reflects the value shown as set  in the Server Settings>Cookies and Sessions area. When set to '0' the login attempt obviously fails. Perhaps there should be a default minimal value of 30 minutes for the Default Login Cookie Length?

However, the user can login by using the login feature at the top of the header and by selecting one of the available options.

Re: Able to set cookie session to zero

Reply #1

Kind of related, a while ago I proposed this:
http://www.elkarte.net/community/index.php?topic=871.0

Feel free to share what you think of my proposal (that would indirectly solve this too :)).
Bugs creator.
Features destroyer.
Template killer.

Re: Able to set cookie session to zero

Reply #2

Greetings Emanuele,

I offered my suggestion in the thread you linked to.  I have notice another behaviour with the login prompts and have attached two more images. This issue is perhaps more aesthetic than anything else; it may also simply show an unflushed buffer.

When using the top section login and not entering any uid/pw but simply clicking on the Login button, the user is taken to the larger frmLogin (login2) section. The issue here is the "Minutes to stay logged in:" shows a shaded value of 3153600. See first image please.

When using the menu bar login and clicking on the Login button, the user is taken to the frmLogin (login2) section and the "Minutes to stay logged in:" reflects what is determined by Admin.  Now, when clicking the Log In button, the new login2 section will still show the Admin default, in this case 90 minutes, but not show the shaded set of numbers as in the first example. See second and third images please.

My reasoning on this is that both login2 prompts should show the default set by Admin. Not trying to nitpik this, but I sort of prefer consistency in these sort of things.  :)

Aaron