AnsweredAssumed Answered

Changng Session Cookie Timeout

Question asked by Jeff C on Jul 21, 2016
Latest reply on Jul 21, 2016 by Angel Magana

I want users to remain logged in as long as their browser is open.  (This is not a concern for us from a security standpoint.)


Solutions I've found are all referring to modifying the PHP config.  However this would potentially effect other PHP applications running on the same site so seems to me not the proper/best solution.


Does Sugar not establish a cookie upon successful login?  If so, wouldn't a better, more specific solution be to modify the Sugar code that establishes the session login cookie to expire upon browser close.


I grepped for setcookie and can't seem to identify where the login cookie is set but in modules/Users/logout.php did find:


setcookie(session_name(), '', time()-42000, '/',null,false,true);


Which obviously is expiring the cooking.


As I'm understanding this Sugar is using PHPSESSID cookie which is set by PHP not Sugar.  So then I have essentially two questions...


1) What is the systexpirationlogin setting for in config.php in Sugar/


2) Could I not just add a setcookie command in Sugar upon sucessful login:

setcookie(session_name(), '', 0, '/',null,false,true);

to modify the session cookie timeout to be upon browser close?


It's ashame Sugar didn't put a sysytem setting to handle this.