-
Notifications
You must be signed in to change notification settings - Fork 135
AutoLogout
Currently webERP will timeout after a number of seconds. This number is defined by the $SessionLifeTime variable setup in the config.php script. However this doesn't immediately return the user to the login page, just sits there until the user tries to use webERP, and it only then takes them back to the login page. Potentially this is a security problem as anything left on the users screen would be visible to anyone looking at the screen.
Also when the user logs back in to webERP they are taken back to the first module in the list, regardless of which module they were last in.
This can be solved by inserting the line
echo '';
into the html headers in the includes/header.php script. This line creates a timeout in seconds (60 * $_SESSION['Timeout']), and automatically calls the Logout.php script when that timeout interval is reached. $_SESSION['Timeout'] is the interval in minutes, which is defined in the www_users table. Each user can have their own timeout interval set.
When the user selects a new module, that module is held in a session variable, and then on Logout (whether automatic, or manual) that module is then stored in the database. When the user next logs in (even if not on the same device) that module is retrieved from the database, and the specific module page is loaded.