Users Log in session doesn't end automatically

[guru2010]

Hi all,

I am not sure if its only me who is facing this problem as I didn't find any related topic anywhere else. So I hope to find solution for it here.

My question is - " How to make the "login session" of users/members end automatically after certain time ?"

What is happening is that, after I log in as a user in my shop, I seem to be logged in forever unless I click logout manually. Even if I check after few days, I am directly redirected to "my account" page instead of redirecting me for a login.

So in such case, if any member uses public computer and forgets to click logout, thats is going to creates security issues to his account.

Any suggestion/ solutions on this will be highly appreciated.

thanks.

[trait-tech.com]

Some one told to modify the admin/header.inc.php

header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0'); // HTTP/1.1
header('Pragma: no-cache');
header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');

but I don't think so.
If there is an option to slove this??
It's a really problem, can log in automatically once loged in, for each computer.

What's can we do?

[tmocide]

yes i would love a bit more info on this too! seems like such a basic security feature that should be a core include.

[rocky]

PrestaShop uses cookies for authentication, so customers are automatically logged out when they clear their cookies, or after the cookie expires after 1728000 seconds (or 20 days). You can reduce the cookie expiry time on line 50 of classes/Cookie.php (in PrestaShop v1.3.1):

$this->_expire = isset($expire) ? intval($expire) : (time() + 1728000);

[kristianmu]

Hi!
I think that for not logged users it's good that cookies expires in 20 days, but for logged users, if you close the browser the sessions should be ended, because if you go to a ciber or somewhere like this, the person that comes after you can acceed to your account...
It's not possible to modify this?
For the BO I've made this modify http://www.prestashop.com/forums/viewthread/2137/#320315
But for customers it doesnt work's correctly.

Thank's a lot, and sorry about my english