  1. #1
    Join Date
    Apr 2005
    Posts
    54
    Plugin Contributions
    0

    PA-DSS Admin Session Timeout Enforced?

    Changing this setting has no effect.

    Fresh virgin install of 154 on local test server. No plugins or mods of any kind.

    I just looked up the following server info and compared with the requirements. Safe to assume that maybe this is the problem?
    Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 mod_perl/2.0.4 Perl/v5.10.1
    Mysql 5.0.8

  2. #2
    Join Date
    Apr 2005
    Posts
    54
    Plugin Contributions
    0

    Re: PA-DSS Admin Session Timeout Enforced?

    I just set up a new wampserver 2.5 on a different pc with php 5.5.12, apache 2.4.9 and mysql 5.6.17. There are zero mods to this installation. I'm still unable to turn off the admin timeout. I'll try downloading zencart again and reinstalling fresh. Would appreciate some ideas though.

  3. #3
    Join Date
    Feb 2005
    Location
    Lansing, Michigan USA
    Posts
    20,021
    Plugin Contributions
    3

    Re: PA-DSS Admin Session Timeout Enforced?

    Same result here with a 1.5.4 vanilla installation on a remote server.

  4. #4
    Join Date
    Apr 2005
    Posts
    54
    Plugin Contributions
    0

    Re: PA-DSS Admin Session Timeout Enforced?

    Originally posted by stevesh:
        Same result here with a 1.5.4 vanilla installation on a remote server.

    Curious if your remote is Windows or 'nix?

    Since it's not just me maybe it's a bug. I'll have to look up how to submit a bug report. The timeout and password change are a real PIA for a development server.

    After my last post, I downloaded again and installed on the new wamp server and a new database. I tested by immediately opening admin > configuration > set admin session timeout to 0 (Non-Compliant) > set timeout seconds to 30. Absolutely no other changes have been made. Result is that it's still logging me out.

  5. #5
    Join Date
    Dec 2009
    Location
    Amersfoort, The Netherlands
    Posts
    2,845
    Plugin Contributions
    25

    Re: PA-DSS Admin Session Timeout Enforced?

    Originally posted by timps:
        Curious if your remote is Windows or 'nix?

        Since it's not just me maybe it's a bug. I'll have to look up how to submit a bug report. The timeout and password change are a real PIA for a development server.

        After my last post, I downloaded again and installed on the new wamp server and a new database. I tested by immediately opening admin > configuration > set admin session timeout to 0 (Non-Compliant) > set timeout seconds to 30. Absolutely no other changes have been made. Result is that it's still logging me out.

    I think there is no bug, just some confusion. If you set the "set admin session timeout" to 0, Zen Cart will still log you out when the time set in seconds has passed, but you are allowed to enter a value higher than 900 seconds.
    It is like versions pre 1.5.x; there you also got logged out, but back then the standard time was, if I remember correctly, 3600 seconds.

  6. #6
    Join Date
    Apr 2005
    Posts
    54
    Plugin Contributions
    0

    Re: PA-DSS Admin Session Timeout Enforced?

    Hmm...didn't think of that. I'll give it a try. If that's it I'm gonna feel kinda stupid, but I haven't seen any language anywhere to indicate this is the way it works. Just submitted a bug report though so I expect to find out one way or another.

    Thanks for the response.

  7. #7
    Join Date
    Apr 2005
    Posts
    54
    Plugin Contributions
    0

    Re: PA-DSS Admin Session Timeout Enforced?

    The only explanation I've been able to find on this subject is here:
    http://www.zen-cart.com/showthread.p...en-Cart-v1-5-4

    In that post Dr Byte says the following:
    "What if I Don't Need PCI Compliance?"
    "For those of you using Zen Cart in a situation where you're not accepting payments with it (such as a showroom/showcase, or simply a CMS), you can turn off the extra PA-DSS stricter settings such as password expiration and password-format rules, etc, using two settings available under Admin->Configuration->My Store...".

    I don't see anything to indicate that it is not simply an on/off switch. There is no mention of altering the timeout seconds.

  8. #8
    Join Date
    Apr 2005
    Posts
    54
    Plugin Contributions
    0

    Re: PA-DSS Admin Session Timeout Enforced?

    After a bit of testing, the suggestion by Design75 appears to be the solution. Sheesh.

  9. #9
    Join Date
    Jul 2012
    Posts
    16,816
    Plugin Contributions
    17

    Re: PA-DSS Admin Session Timeout Enforced?

    A yet further solution, though it goes against the standard/expected operation (intended to ensure continued compliance with PA-DSS requirements), is to open a second window accessing the who's online window and appending ?t=300 (or some number just less than the timeout that is set); this will refresh the window and keep the session alive, provided no errors occur in trying to refresh.