Results 1 to 5 of 5
  1. #1
    Join Date
    Aug 2009
    Posts
    355
    Plugin Contributions
    0

    Default increase SESSION_TIMEOUT_CATALOG impact

    Hi Zen friends,

    I was reading how to increase session timeout

    -- -DrByte suggestion

    Just create an /includes/extra_configures/my_ultra_long_session_timeout.php
    <?php define('SESSION_TIMEOUT_CATALOG', 1441);

    Since I have some sessions time_out everyday, I wish to increase it ( 1 day ? 1 month ? it depends also on my hosting provider? )
    Before doing that, I thought: Is there any downside ? Any negative impact on store functionality or for the business ?

    thx
    ZC 1.5.5

  2. #2
    Join Date
    Jul 2012
    Posts
    14,850
    Plugin Contributions
    17

    Default Re: increase SESSION_TIMEOUT_CATALOG impact

    If the user that has logged on does not log off and the session has not expired, then the next person on the computer/browser will be able to access the information associated with that user.

    Namely PCI compliance is affected, which is the point of the existing constraints. Whether that is needed for the site such as sites that are for example created solely for the display of information.
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...
    Upgraded to Zen Cart V1.5.3 from V1.5.1 from V1.5.0 from V1.3.9h

  3. #3
    Join Date
    Aug 2009
    Posts
    355
    Plugin Contributions
    0

    Default Re: increase SESSION_TIMEOUT_CATALOG impact

    Nice, but:

    Why Am.z.n let customers come back logged into their account after so long ? I believe for a customer is very handy to not re-login and find their custom main page when go back. Well, for the company is even better many reasons ( user tracking .. etc. )

  4. #4
    Join Date
    Nov 2005
    Location
    los angeles
    Posts
    1,464
    Plugin Contributions
    2

    Default Re: increase SESSION_TIMEOUT_CATALOG impact

    i disagree that increasing catalog timeouts for the catalog, ie customers, affects PCI compliance.

    while amazon does allow customers to come back and continue with their session, in my experience, they do require the customer to re-authenticate prior to purchase or viewing order history.

    best.
    practice #socialdistancing NOW! #staythefawayfromme
    email is hard....
    help out with the green....

  5. #5
    Join Date
    Dec 2007
    Location
    Payson, AZ
    Posts
    915
    Plugin Contributions
    12

    Default Re: increase SESSION_TIMEOUT_CATALOG impact

    Quote Originally Posted by solo_400 View Post
    Nice, but:

    Why Am.z.n let customers come back logged into their account after so long ?
    They use something like 'Remember me' which makes use of a cookie on the user PC to auto login. The account is not left open and times out if the user is not active on site... Remember me is in the plugin section and would be the best way to go and not mess with session time out.
    Dave
    Always forward thinking... MySite..

 

 

Similar Threads

  1. Upgrade MySQL from 5.1 -> 5.5 Impact?
    By jameyo in forum General Questions
    Replies: 1
    Last Post: 3 Apr 2012, 10:31 PM
  2. What is impact of deleting product from catalog?
    By johnd in forum Setting Up Categories, Products, Attributes
    Replies: 2
    Last Post: 27 Sep 2010, 07:13 AM
  3. Impact of New Fields on Customer Table
    By MrSpiffy in forum Contribution-Writing Guidelines
    Replies: 1
    Last Post: 9 May 2009, 02:49 AM
  4. Turning off SEFU - how best to minimise impact
    By welshop.com in forum General Questions
    Replies: 0
    Last Post: 9 Jan 2007, 07:20 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR