Admin Keepalive Timer [Support Thread]

Since v1.5.0 was released with stronger security against unattended admin logins, some people have found it frustrating if they've been taking a long time composing content and didn't know that their inactivity had logged them out, or while talking on the phone but not touching their computer.

This plugin aims to counter that problem by popping up a notification window if there is no activity in the admin screen for an extended period of time, and logs out only if the prompt is not acknowledged, else keeps them logged in as long as they keep working.

INSTALLATION IS SIMPLE:
1. Unzip and upload the files.
2. Make a small addition to the bottom of the existing /your_admin/includes/header.php file to enable the keepalive system.

DOWNLOAD HERE:
http://www.zen-cart.com/downloads.php?do=file&id=1526

NOTE: I won't be surprised if there are some small display quirks in Chrome, and maybe IE (doesn't everything break in IE?).

Feedback welcome.

Great idea. Works as advertised on my 1.5.1 test site.

Errr...thanks but see no option on v1.50
Where is the fonction appearing in the admin panel?

There's no admin switch to turn it on or off, if that's what you're looking for. As the instructions say, To activate it, simply add the following line to the end of your existing /RENAMED_ADMIN/includes/header.php file: <?php require(DIR_WS_INCLUDES . 'keepalive_module.php'); ?>

In the constants, do the empty spans do anything?

Quote:

---

<p class="ui-state-error-text"><span class="ui-icon ui-icon-alert" style="float:left; margin:0 7px 50px 0;"></span>...

---

Quote:

---

Originally Posted by torvista

do the empty spans do anything?

---

Yes. They're part of the jQuery UI constructs

Afternoon!

I have been waiting for something like this..... too many times Have I been logged out halfway through a long page write up :o/

I am not sure if it is functioning correctly. When the 15 mins is almost up the entire screen goes green, you can not click anything or carry on working and there is no pop up message. The header also changes to a count down timer.

The only way out is to press F5 to refresh the screen, which means I lose everything I was writing.

I dont think this is how it is intened to work. I am using zc1.5.1 and ie9.

Any ideas?

Thanks in advance

The countdown dialog box (during green overlay) might be displaying at the top of the page ... so scroll up to access it. Instead of pressing F5.

Quote:

---

Originally Posted by DrByte

The countdown dialog box (during green overlay) might be displaying at the top of the page ... so scroll up to access it. Instead of pressing F5.

---

thanks for the reply.... All i get is the green overlay, there is no dialog box displayed. :o/

I have scrolled up, down and side to side (lol). Could I have installed something wrong?

I have tried accessing the admin in ie8 aswll but I get the same result.

Thanks once again for your help ;o)

I've never personally tested it on any IE browsers. I thought IE was dead?

Do you get the same symptoms on a more reliable browser?

Quote:

---

Originally Posted by DrByte

I've never personally tested it on any IE browsers. I thought IE was dead?

Do you get the same symptoms on a more reliable browser?

---

IE dead? ..... never lol

I got the same result on others too, however today it just started working.

Funny five mins me thinks. Thanks for you help DrByte, great addon!

Dr Byte

Great bit of kit....

Been using it for a few days now, today I noticed with this module installed if I go to edit a page of the website it doesnt allow me to in the WYCIWYG mode using the TinyMCE editor it just displays the page in HTML plain text format.....strange this one

I've removed the module and it started working again the TinyMCE is displaying the page content.

Anyone else got this happening to them at all?

I am using CKEditor without any trouble with Keep Alive ...

Ok Ive been doing some more digging around and here is where I am with this......

The TinyMCE editor stops working the minute I place the;

<?php require(DIR_WS_INCLUDES . 'keepalive_module.php'); ?>

In the my header.php file.......

Any ideas people.....Module works a treat but the minute I complete the above last step I lose my TINY MCE editor

I'm sure its go to me something small

Guessing that your editor plugin is trying to reload jquery but it's already loaded by the keepalive script.

Quote:

---

Originally Posted by DrByte

Guessing that your editor plugin is trying to reload jquery but it's already loaded by the keepalive script.

---

Any idea how I can fix this?

Apologies for the delay in replying. I've submitted a new version which "plays better with others", such as TinyMCE which also loads jQuery on the page. This update will skip reloading jquery if it's already loaded.

FYI: using Zen Cart 1.5.1

I work with Firefox for admin purposes only.

It works perfectly in Firefox (18.0.1). I only wish it would warn you of the session ending with a popup window. If you are using many tabs in your browser or have many browser windows open, and the admin window is not active, you will miss the warning.

As for IE9.0.12, it warns you with the green screen appearing below the footer section of the admin window. ( picture attached). After 15 minutes, It warns you "Sorry, you have logged out due to inactivity". Once you click continue, you can go back in and continue working in admin, or in another-words the admin session remains active!
Attachment 11838

In Chrome, nothing happens the warning doesn't even appear.

I have not tried Opera yet.

Works great in all pages except the pages that has spiffyCalendar. The timer dialog or the timeout dialog does not, instead the input box of the calendar and the blue dropdown button shows in the left top corner without any header display. This is happening on all the following browsers, Chrome, Firefox, Safari and IE.

Appreciate if you can provide a fix.

We are using Zen 1.5.1 and Keepalive Timer-beta0.2.

Quote:

---

Originally Posted by Kevin205

FYI: using Zen Cart 1.5.1

It works perfectly in Firefox (18.0.1). I only wish it would warn you of the session ending with a popup window. If you are using many tabs in your browser or have many browser windows open, and the admin window is not active, you will miss the warning

---

Hello DrByte,

I love your app. Especially the feature that if your session expires, you have an option to close and copy your work. However, unlike Kevin, when the timer pops up, I would prefer, if when you are viewing a different tab, that it doesn't scroll to the admin page and make it as the active page. Too many times, I have been in the middle of reviewing something with a client or typing something into a browser page, then suddenly my tabs shift/scroll to the admin page, I click, then have to click back on the tab that I was working on. Is there a change I can implement into the code that will either (a) have only the pop up box pop into view on top of my current active page, or (b) have the pop up box pop up on the admin page without it scrolling and making my admin page active? If either of these could be easily implemented by me, not only would it be acceptable, but awesome. If b is the easiest option, I would rather have to log back in than to have my pages keep scrolling.

Thank You,

Sharon

Sharon,
I'm not sure I've seen that behavior. Which browser/version are you using with this? And what version of Windows/Mac/Linux are you using on your computer?

Hello DrByte,

I am using FireFox 18.0.2 and WindowsXP Pro Service Pack 3.

Sharon

Quote:

---

Originally Posted by Sharon J

Hello DrByte,

I am using FireFox 18.0.2 and WindowsXP Pro Service Pack 3.

Sharon

---

Hello DrByte,

I also have the same issue using chrome Version 24.0.1312.57 m. I originally installed the add on to my demo site on my local machine with XAMPP. As I am preparing to go live, I installed ZC 1.51 on my web host. I did not back up my demo site and then load it, I did a complete clean install by adding each mod individually, as I have a few on my demo that I decided not to use. This issue is still present on my new site....Since you stated that you're not sure that you've seen this behavior, are there any particular files or a particular place that you are aware of that I should look to try and track this issue or conflict?

Thank You,

Sharon

I've often had it timeout in another tab while reading something in another tab. I've never seen it flip me back to the Zen Cart tab automatically.

I was really glad to find this add-on and installed it on an upgrade I'm doing for client because I know they will have trouble with the timing out. However, it doesn't seem to be working as described. Instead here's what happens

- I am on another tab (or even in another application with the browser still open but minimized)
- about 8 minutes into the idle time, the focus goes to the ZC admin tab
- a popup message is displayed which says:

We are unable to connect to the server. Your work may be lost. Please review your work and perhaps copy information to your clipboard if you had any work in progress which you do not wish to lose.

- there is only a button that says OK
- if I click the button the session does not time out
- if I don't click the button but click the x on the pop up message it also does not time out

Others have also mentioned something about a green color on the screen but that doesn't happen for me - just the pop up and it comes up quite a bit before 15 minutes.

I am running ZC v. 1.5.1 viewing with Chrome 24.0.1312.57 on WinXp (SP3)

Just to add to the above... I went back to the tab a little while later - maybe about 10 minutes later (after clicking OK on the popup) and it looks like it actually did timeout. I clicked on just anything in admin and got the log in screen.

Quote:

---

Originally Posted by earmsby

- a popup message is displayed which says:

We are unable to connect to the server. Your work may be lost. Please review your work and perhaps copy information to your clipboard if you had any work in progress which you do not wish to lose.

---

That's part of a secondary time-out protection feature inside the plugin which checks to see if there's been a timeout that it couldn't account for, or if the server has disappeared. In those cases you wouldn't want to lose the work you'd been doing either, so this is a courtesy secondary protection offered by the plugin so that you don't unexpectedly lose what you had on the screen.
While I've never had that get triggered on production or test servers (except when specifically forcing the connection to break so that feature could be programmed initially), I wouldn't be surprised to learn that you were running into that sort of problem in a dev environment where high-availability of servers is not a priority.

Quote:

---

Originally Posted by earmsby

the focus goes to the ZC admin tab

---

I've been using this plugin on a large number of sites in the last week, and have never yet seen the focus change to the ZC admin tab.
While one other person has reported similar symptoms, also on WinXP, I've yet to encounter it. It sounds like something outside the script's control.

Interesting. I am running this store "in development" but really only in the sense that it's not public. The client's live site is currently on another server and this new upgraded site is on their new dedicated server. However, it may be that the DNS issues I had in trying to log in are effecting it (although I did solve those and the domain name used on the new site does resolve properly).

I'll try it on another machine (Windows 7) and see if it still happens.

I don't mind the timeout so much, but what I hate is the fact that you lose your work when creating a product. My customers are complaining that they spend time on their product and hit preview, then get logged out. Your plugin is wonderful, but what if the phone rings or something takes you away from your computer. If you don't hit that update button, you have to start all over again. There must be a way to create a temp backup at time of timeout.

Quote:

---

Originally Posted by Steve

I don't mind the timeout so much, but what I hate is the fact that you lose your work when creating a product. My customers are complaining that they spend time on their product and hit preview, then get logged out. Your plugin is wonderful, but what if the phone rings or something takes you away from your computer. If you don't hit that update button, you have to start all over again. There must be a way to create a temp backup at time of timeout.

---

Hi Steve!
Sounds like they're misunderstanding things. If they click "Close" (instead of "Login") they'll be able to go back to what they were editing, copy it to their clipboard, and then they'll have the info to paste back in again. That's all this thing does. Zen Cart doesn't yet have any "temp backup" for those pages. We're working on possibilities, but this plugin is a stop-gap measure in the meantime. Using the clipboard will help them. If there's a better way to reword the message which tells them to do that (without making it a mile long cuz we know nobody reads messages anyway), the feedback is welcome.

hey Doc, everything was working well then all of a sudden, the popup wont popup, the cont rols are on the ppage, they work but i get a 404 error on the jqueryui css link? any clues?
//ajax.googleapis.com/ajax/libs/jqueryui/1/themes/base/jquery-ui.css
Jeff

Looks like Google has broken their links.

You could maybe change it to this instead:

Code:

---

http://code.jquery.com/ui/1.10.2/themes/smoothness/jquery-ui.css

---

But that'll probably give you SSL/security warning errors if you're running your admin in SSL.

Another option is to copy the actual file to your own server and use it from there by entering the correct path for where you've put it.

:clap: Thank you

Uploaded update to accommodate google's change in their CDN URLs

Got this up and running on a live demo site without problems.

Tested on Linux Mint 14 with Firefox 21.0

Thanks DrByte!

Cheers / Frank

Awsome, works excellent.

Browser: Chrome
Server: TBD

Unfortunately, I uninstalled the plug in. The "We are unable to connect to the server. Your work may be lost. Please review your work and perhaps copy information to your clipboard if you had any work in progress which you do not wish to lose." was interfering with other work in the Google Chrome Browser.

For now, I'm just going to leave the "who's online" window open, with a refresh every 1 min. A more versatile solution is required, but thank you DrByte for your efforts. I appreciate them, and I used the plug in for a few weeks. I assumed the "We are unable to connect to the server. Your work may be lost. Please review your work and perhaps copy information to your clipboard if you had any work in progress which you do not wish to lose." was a problem with my webhost, who recently switched physical servers on me.

Dr Byte,

Repeatedly getting the secondary warning of "We are unable to connect to the server. Your work may be lost. Please review your work and perhaps copy information to your clipboard if you had any work in progress which you do not wish to lose."

This happens using locally using MAMP & Zend Server, and also on live sites on several different servers.

How can this secondary warning be disabled because the rest of the plugin works perfectly for us.

That warning is a result of a failure occurring when the script attempts to connect to your server in the background to determine if it's reachable. After a certain number of failures it displays that message.

So why is it that completely removing the keepalive timer module, i still get that warning appearing, just in a different style popup.
And yes, i removed all the files from the module.
Is there a function built into zen cart that is doing this check, and where can i find it.

Quote:

---

Originally Posted by strelitzia

And yes, i removed all the files from the module.

---

I think you're mistaken.

Quote:

---

Originally Posted by strelitzia

Is there a function built into zen cart that is doing this check, and where can i find it.

---

No. That text exists only in the files in that plugin. You can confirm for yourself using the Developers Toolkit.

DrByte, I think the plugin is working ok , except that after installing the plugin I'm having a blank pages on admin page after making any change on the admin panel and then when I click on submit/save I get the blank page ! why is that ? I'm using zc V1.5.1 on Firfox 26.0 !

And Now I can't login to my admin page, Once I get to the admin logins page and click on login, I get a blank page ! I check the logs , I got this error and I do't know what to do now ! Should I remove the plugins now?

[15-Dec-2013 05:43:10] PHP Warning: Cannot modify header information - headers already sent by (output started at /home1/arabbro1/public_html/newadmin/includes/keepalive_module.php:34) in /home1/arabbro1/public_html/newadmin/keepalive.php on line 12

DrByte.. are you on a Holiday ? I've been waiting for your reply, but you didn't show up !! Please help ..

Guys, I'm having a blank page after the time-out on the admin panel, the log file is pointing to this line in the admin/keepalive.php on line 12
Which is: header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
and the whole log's info is:

PHP Warning: Cannot modify header information - headers already sent by (output started at /home1/public_html/newadmin/includes/keepalive_module.php:34) in /home1/public_html/newadmin/keepalive.php on line 12


Is that happening because I changed the time format from the US ( M,D,Y) to GB ( D,M,Y)? and how to fix the problem with the blank page ?:frusty:

I'm getting the 'We are unable to connect to the server. Your work may be lost. Please review your work and perhaps copy information to your clipboard if you had any work in progress which you do not wish to lose.' pop-up. I understand the message, but what might be the cause to look to fix?

Using this on Zen 1.5.1.

Whether it is the code, the installation (including uninstallation) instructions, or both, it simply does not work with xampp localhost.

With xampp this mod is defective and could prevent further development of your site, as others above have testified.

Thanks for nothing but a headache.

After installing this plug-in, by renaming the admin directory and then uploading the file structure, when I log in to admin I just get a blank screen, so unistalled.

So I have been getting weird issues on one of my sites that uses the keepalive module. What happens is that after I login or update anything, it immediately takes me to a blank page. I am still logged in to the site, but it appears that the admin will not return me to the page I was editing before. The debug message is as other posters have mentioned:

I am also getting the following debug message PHP Warning: Cannot modify header information - headers already sent by (output started at /home/content/whatever/xxxxxxx/adminsection/includes/keepalive_module.php:34) in /home/content/whatever/functions/general.php on line 21

When I removed all the module's files the issue went away.

Quote:

---

Originally Posted by fabburl

So I have been getting weird issues on one of my sites that uses the keepalive module. What happens is that after I login or update anything, it immediately takes me to a blank page. I am still logged in to the site, but it appears that the admin will not return me to the page I was editing before. The debug message is as other posters have mentioned:

I am also getting the following debug message PHP Warning: Cannot modify header information - headers already sent by (output started at /home/content/whatever/xxxxxxx/adminsection/includes/keepalive_module.php:34) in /home/content/whatever/functions/general.php on line 21

---

Can't seem to replicate this on my own site.

What's different in your admin files compared to a fresh brand new uncustomized install of ZC?

Adding the following code:

PHP Code:

---

if(!in_array('header.php', array_map('basename', get_included_files())))
    return; 


---

to the very beginning of YOUR_ADMIN/includes/keepalive_module.php should do the trick.

Quote:

---

Originally Posted by iRAY

Adding the following code:

PHP Code:

---

if(!in_array('header.php', array_map('basename', get_included_files())))
    return; 


---

to the very beginning of YOUR_ADMIN/includes/keepalive_module.php should do the trick.

---

Um ... since header.php is the ONLY file which calls keepalive_module.php, why would that code suggestion have any helpful effect?

Hi I'm new to Zen cart and i think I'm doing pretty well, i normally dont like addons since they tend to slow down or get way too much crowded in my opinion, i like it clean simple and fresh, but i was looking for a anti log-out for admin page, i found yours, which by the way is great, tho i would prefer it not to force navigate to the site when the time runs out, since it can be frustrating working with other online documents and suddenly it moves away from that ;)

I Came here to say that i also got issues with blank pages, when logging in to admin page after i installed this addon, also when duplication products in same groups, it would give me the blank pages, however the cmd was sent successful to the server to demand duplicate but given blank pages all the time.

I'm using Firefox 28 if that helps you in anyways and I'm using the latest version of Zen Cart 1.5.1 as of this date 11-04-2014/eu date format with the theme "black pure free"

Quote:

---

Originally Posted by DrByte

Um ... since header.php is the ONLY file which calls keepalive_module.php, why would that code suggestion have any helpful effect?

---

Could you reply to my reply ;)?

If you're getting blank pages, you'll need to sort out whatever PHP errors are happening as a result. See your /logs/ folder.

http://www.zen-cart.com/content.php?124-blank-page

Is there any way to adapt this to work for the main site? I am looking to display the same idle warning to logged in customers. I have tried and failed..... any help would be great :o)

Running zc 1.5.3

Quote:

---

Originally Posted by alhakeem2001

Guys, I'm having a blank page after the time-out on the admin panel, the log file is pointing to this line in the admin/keepalive.php on line 12
Which is: header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
and the whole log's info is:

PHP Warning: Cannot modify header information - headers already sent by (output started at /home1/public_html/newadmin/includes/keepalive_module.php:34) in /home1/public_html/newadmin/keepalive.php on line 12


Is that happening because I changed the time format from the US ( M,D,Y) to GB ( D,M,Y)? and how to fix the problem with the blank page ?:frusty:

---

Quote:

---

Originally Posted by DrByte

Can't seem to replicate this on my own site.

What's different in your admin files compared to a fresh brand new uncustomized install of ZC?

---

The issue is with the November 2013 (v1.0) update, where an initialization script was added to load the keepalive_module.php. Since that module outputs a <div>, that's where the error originates. Using the previous (beta0.3) version corrects the issue (albeit with a single-line modification to the admin's /includes/header.php).

Just remember, don't use this plugin for Zen Cart v1.5.2 and later ... it's already included!

Quote:

---

Originally Posted by lat9

Just remember, don't use this plugin for Zen Cart v1.5.2 and later ... it's already included!

---

I installed 1.5.3 from scratch and still lose my work without warning when I am editing a page as follows

1. Tools
2. Define Pages Editor
3. Wait 15 minutes or more
4. Save
5. ... I am asked to log in again and my changes are gone.

Am I going about things in the wring way?

Thanks in advance.

Quote:

---

Originally Posted by lat9

Just remember, don't use this plugin for Zen Cart v1.5.2 and later ... it's already included!

---

My bad, for parroting the statement made by the last module updater instead of verifying before "speaking" -- you'll need to install this plugin (the previous version uploaded by DrByte) for this function to be present in all current Zen Cart installations.

Trying to look into this, but a thread was begun identifying issues with this module (using latest) for an admin user that is not given superuser permissions while logged in to a ZC 1.5.4 site. Thread: https://www.zen-cart.com/showthread.php?t=217827

Admin Logs have repeated "attempted access to unauthorized page [keepalive] for legitimate admin user.
This admin user is not a 'superuser', ie: has restricted permissions.
SuperUser admin does not cause similar log entries.

Code:

---

notice
2015-07-21 06:29:06
199.xx.xx.xx
2 DailyAdminUser (not SuperUser)   
keepalive.php   
r=0.8515617775265127   
1       
Attempted access to unauthorized page [keepalive]. Redirected to DENIED page instead.   
Array
(
)

---

I am getting the "We are unable to connect to the server. Your work may be lost....." alert. It's super annoying, so I disabled the "alert('<?php echo TEXT_KEEPALIVE_SERVER_UNREACHABLE_MESSAGE1;?>');" code to no ill effects.

I have noticed, though, that even when I click the "Yes, Keep Working" button, the header on the site continues to countdown, until it says "!!Expired Session" But It's not actually expired. Just the page's header says that. And the countdown isn't even consistent after clicking keep working, then navigate to another tab. It will hang out at like 181 2-3 seconds, 180 for even longer, sometimes flash the pages actual title, then continue counting down at normal speed once the tab is in focus. Once it says expired session, the next time the modal box pops up, it doesn't give the countdown, it says that the session expired and to login.

Quote:

---

Originally Posted by apogeerockets

I am getting the "We are unable to connect to the server. Your work may be lost....." alert. It's super annoying, so I disabled the "alert('<?php echo TEXT_KEEPALIVE_SERVER_UNREACHABLE_MESSAGE1;?>');" code to no ill effects.

I have noticed, though, that even when I click the "Yes, Keep Working" button, the header on the site continues to countdown, until it says "!!Expired Session" But It's not actually expired. Just the page's header says that. And the countdown isn't even consistent after clicking keep working, then navigate to another tab. It will hang out at like 181 2-3 seconds, 180 for even longer, sometimes flash the pages actual title, then continue counting down at normal speed once the tab is in focus. Once it says expired session, the next time the modal box pops up, it doesn't give the countdown, it says that the session expired and to login.

---

Yes, this has been an issue for yonks and was first mentioned in this thread in Sept 2013.

I have several ZC 1.5.4 installs on my local dev server (PHP 5.5.9, Apache 2.4 etc, Ubuntu OS, etc) and it happens only on one site, the others are not giving me the error. I did core file comparisons left, right and center but can't pin-point the cause of this annoying error. All the core files in admin are the same in all sites.

Now I am thinking that there may be a clash with some other jscripts (from installed mods) which could produce that message..... so my next move will be to (temporarily) kick out all other non-core scripts from the admin/includes/javascript folder, test without them and add them back one by one. Tedious, but it may throw a light on this .... eventually.

I know this sounds like a dumb question, but wouldn't it be much simpler to allow the "Admin Session Time Out in Seconds" be set to infinite?

The Admin Keep Alive timer only tells you ever so often that you are going to be timed out, and if you don't respond soon enough you will get logged out.

I like to have the "who's online" page up just to pop in now and then to see if there's anyone there.

Kjell Aa

Quote:

---

Originally Posted by Kjell Aa

I know this sounds like a dumb question, but wouldn't it be much simpler to allow the "Admin Session Time Out in Seconds" be set to infinite?

---

You loose your PCI compliance.....

Quote:

---

Originally Posted by Kjell Aa

The Admin Keep Alive timer only tells you ever so often that you are going to be timed out, and if you don't respond soon enough you will get logged out.

I like to have the "who's online" page up just to pop in now and then to see if there's anyone there.

Kjell Aa

---

If you want that to happen then you only need to set "Updating Manually" (top right hand box) from the default "OFF" to 1 Min.

And why do I not want to loose my PCI compliance.
What is that?

Kjell

Quote:

---

Originally Posted by Kjell Aa

And why do I not want to loose my PCI compliance.
What is that?

Kjell

---

Worth reading: https://www.pcicomplianceguide.org/pci-faqs-2/

Quote:

---

Originally Posted by Kjell Aa

I like to have the "who's online" page up just to pop in now and then to see if there's anyone there.

Kjell Aa

---

If you want to do that, it's fine, as long as you create a separate Admin profile with permissions to only that page, and then leave that admin user logged in someplace with a refresh every 15 min or less.
Just don't leave someone logged in to an admin ID that has permission to access all the other parts of your admin.

PCL Compliance.
As far as I can read it, this applies to webshops that stores or handles credit card data:
"if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply"

All I offer is PayPal, which does not pay me directly, and bank prepayment, which also do not pay anyting through my webshop.
In any case it seems to be a US requirement, I have never heard anything about this in Europe.


Secondly, why do I need to create a separate Admin profile to leave the admin page open?
My PC is not in any public place, and it will only be open when I am in front of my PC screen.

Third, where excactly do I put "Updating Manually" ?
Is it instead of the 900 Seconds of Admin Session Time Out in Seconds?
That doesn't work......

Kjell

Hi guys,

Can someone please help me here?
I want to stop this auto logout completely.
I just want to log on to my admin page, and then it should stay logged in until I log off.

Some "php for dummies" assistance would be much appreciated.

Kjell

Quote:

---

Originally Posted by Kjell Aa

My PC is not in any public place, and it will only be open when I am in front of my PC screen.

---

Question: Do you ever forget to log off before you go to lunch, to bed? Or is there a 0% possibility that anyone could ever access your PC without you present?

Quote:

---

Originally Posted by Kjell Aa

I want to stop this auto logout completely.
I just want to log on to my admin page, and then it should stay logged in until I log off.

---

Many sites, including banking sites, consider "when I have been away from my computer for too long" to be equal to logging off.
What do *you* consider to be the equivalent of "logging off"? Do you mean ONLY when you click the "log off" button?

Zen Cart is built around triggering logoff when you have walked away from the computer for a reasonable time, at which point the session will automatically expire and require a login again.


But a much more important point is this: What exact problem caused you to initiate this discussion in the first place? Is it because you don't like "logging in"? Or were you editing a product description without saving it periodically and lost the changes because the session had expired in the background?
The most important question here is why you're even asking the question. Can you describe that?

Quote:

---

Originally Posted by DrByte

Question: Do you ever forget to log off before you go to lunch, to bed? Or is there a 0% possibility that anyone could ever access your PC without you present?

---

Does not matter, unless my house get burglarized at night.
0% possibillity, I have full control of all persons in my house. (myself and the wife)

Quote:

---

Originally Posted by DrByte

Many sites, including banking sites, consider "when I have been away from my computer for too long" to be equal to logging off.

---

I am not a bank.

Quote:

---

Originally Posted by DrByte

Zen Cart is built around triggering logoff when you have walked away from the computer for a reasonable time, at which point the session will automatically expire and require a login again.

---

This is exactly what I want to avoid.
That reasonable time is way too short, and I have to log in way too often.

Quote:

---

Originally Posted by DrByte

But a much more important point is this: What exact problem caused you to initiate this discussion in the first place? Is it because you don't like "logging in"? Or were you editing a product description without saving it periodically and lost the changes because the session had expired in the background?
The most important question here is why you're even asking the question. Can you describe that?

---

I like to keep an eye on visitors to my website, and I have my PC on, and logged into the Who's online page.
I can then do other thing on my pc, or watch some tv or even get a beer.
When I return to see if there's anyone visiting my website, I have to log on again.

Kjell

Quote:

---

Originally Posted by Kjell Aa

PCL Compliance.

In any case it seems to be a US requirement, I have never heard anything about this in Europe.

---

It's also applicable in Europe. But, let's not argue about that. You don't care about security, and you want to override it. See below:

Quote:

---

Originally Posted by Kjell Aa

Secondly, why do I need to create a separate Admin profile to leave the admin page open?
My PC is not in any public place, and it will only be open when I am in front of my PC screen.

---

Why? Just to ensure that no unauthorized person can hijack your site. But, again, you've said you don't care about security. So, read on:

Quote:

---

Originally Posted by Kjell Aa

Quote:

---

Originally Posted by DrByte

Quote:

---

Originally Posted by Kjell Aa

I like to have the "who's online" page up just to pop in now and then to see if there's anyone there.

Kjell Aa

---

If you want to do that, it's fine, as long as you create a separate Admin profile with permissions to only that page, and then leave that admin user logged in someplace with a refresh every 15 min or less.
Just don't leave someone logged in to an admin ID that has permission to access all the other parts of your admin.

---

Third, where excactly do I put "Updating Manually" ?

---

You said you want the Who's Online page to stay up. To do that, open the Who's Online page, and notice that on the top right corner (assuming you're using the latest version of Zen Cart) there's an auto-refresh interval selection which offers choices of between 5 seconds and 10 minutes.
When you do that, it will keep refreshing before a non-activity timeout can occur, thus it will be always logged in.
And, for the sake of other readers of this discussion, that also means that anyone who walks by the computer will have complete access to your entire store's admin (according to whatever user profile you're logged in with) and can engage in unsupervised activity in your admin even if you're not present. The onus is on you to calculate that risk and any liability associated with it.

Quote:

---

Originally Posted by DrByte

Just to ensure that no unauthorized person can hijack your site. But, again, you've said you don't care about security. So, read on:

---

I do care about security.
Where do I say otherwise?

My PC is in my home, and security is taken care of through other means.
I don't know how this is where you are located, but up here, "your home is your castle" applies.

Kjell

Quote:

---

Originally Posted by frank18

Yes, this has been an issue for yonks and was first mentioned in this thread in Sept 2013.

I have several ZC 1.5.4 installs on my local dev server (PHP 5.5.9, Apache 2.4 etc, Ubuntu OS, etc) and it happens only on one site, the others are not giving me the error. I did core file comparisons left, right and center but can't pin-point the cause of this annoying error. All the core files in admin are the same in all sites.

Now I am thinking that there may be a clash with some other jscripts (from installed mods) which could produce that message..... so my next move will be to (temporarily) kick out all other non-core scripts from the admin/includes/javascript folder, test without them and add them back one by one. Tedious, but it may throw a light on this .... eventually.

---

I'm getting to this discussion a few months later but I hope it's useful to others.

I've just implemented the Keepalive Timer module in the admin area and I had the same problem where the keepalive.php page was being called through ajax and kept falling 5 times until the TEXT_KEEPALIVE_SERVER_UNREACHABLE_MESSAGE1 pop-up.

I found it has to do with the $.ajax timeout value set to 450ms on line 170 in the /admin_area/includes/javascript/jquery.idletimeout.js file.

Increasing that value to 3000 (3 seconds) solves it for me.

@DrByte I'm wondering if calling the keepalive.php every minute during 10 minutes isn't defeating the purpose of having a 15 minutes session? Every time the keepalive.php script is being called, I see the expiration time on the session increase.

If "idleAfter" is set to 600 seconds (10 minutes) before actually being defined as idle, it means the actual session still has 15 minutes to go. So, one can leave its computer idle for 10 minutes and still have an active session expiring in 15 minutes for a total of 25 minutes?

I may need to tweak it a little, the company I work for are pretty serious about PCI. Thanks for the module!

Quote:

---

Originally Posted by jazzman346

I'm getting to this discussion a few months later but I hope it's useful to others.

I've just implemented the Keepalive Timer module in the admin area and I had the same problem where the keepalive.php page was being called through ajax and kept falling 5 times until the TEXT_KEEPALIVE_SERVER_UNREACHABLE_MESSAGE1 pop-up.

I found it has to do with the $.ajax timeout value set to 450ms on line 170 in the /admin_area/includes/javascript/jquery.idletimeout.js file.

Increasing that value to 3000 (3 seconds) solves it for me.

@DrByte I'm wondering if calling the keepalive.php every minute during 10 minutes isn't defeating the purpose of having a 15 minutes session? Every time the keepalive.php script is being called, I see the expiration time on the session increase.

If "idleAfter" is set to 600 seconds (10 minutes) before actually being defined as idle, it means the actual session still has 15 minutes to go. So, one can leave its computer idle for 10 minutes and still have an active session expiring in 15 minutes for a total of 25 minutes?

I may need to tweak it a little, the company I work for are pretty serious about PCI. Thanks for the module!

---

Ya, I've been meaning to look at that further. It probably should only do the ajax ping if the user gets the popup and says "ya, i want to continue working".
Definitely open to code-change suggestions if you've got time to look into it.

Quote:

---

Originally Posted by DrByte

Ya, I've been meaning to look at that further. It probably should only do the ajax ping if the user gets the popup and says "ya, i want to continue working".
Definitely open to code-change suggestions if you've got time to look into it.

---

Good point! I didn't think about changing the code this way but I'll come back to it. I just had too many things to work on beside the idle timeout. My goal will be to create a session timeout into the Front End within a month or two, feature request from my boss.

So right now, beside changing the jquery.idletimeout.js to 3 seconds, I've set the Admin Session Timeout to 300 seconds (5 minutes).

I've also changed line 84 of the keepalive_module.php file to :

Code:

---

warningLength: <?php echo SESSION_TIMEOUT_ADMIN-70; ?>, // countdown timer width remaining session time minus polling time (last keepalive call) + 10secs buffer

---

That way, I do respect the 15 minutes PCI specs and it seems to work fine. Of course, I'll get feedback from the real admins in the next few weeks.

Following my last post, I proceeded with my latest release including the Keepalive timer module. It was working so well for me for the last three weeks so I was certain there would be no issue. Unfortunately, there is one -> Admin Profiles. I'm a super user, I can access any pages ... not the regular users. As a result, they get the "We are unable to connect to the server. [...]" pop-up after 5 failed requests (5 minutes) as the keepalive.php page called through AJAX always returns the denied page for them.

So, the fix for this is simple. We need to put it in the exception pages array on line 49 of the /admin/includes/init_includes/init_admin_auth.php in V1.5.5

Code:

---

if (!in_array($page, array(FILENAME_DEFAULT,FILENAME_ADMIN_ACCOUNT,FILENAME_LOGOFF,FILENAME_ALERT_PAGE,FILENAME_PASSWORD_FORGOTTEN,FILENAME_DENIED,FILENAME_ALT_NAV,FILENAME_KEEPALIVE)) &&

---

Then in /includes/filenames.php we need to add the corresponding constant :

Code:

---

define('FILENAME_KEEPALIVE', 'keepalive');

---

All the language constants used by this/in ZC156 are defined in the code:

PHP Code:

---

if (!defined('TEXT_TIMEOUT_WARNING')) define('TEXT_TIMEOUT_WARNING', '**WARNING**'); 


---

1) I assume the correct place for the translations is /extra_definitions?

2) Is this practice something that will be implemented in the future, or it's a one-off to simplify installation of this particular plugin?