Jump to content
Psytanium

Add "Keep me logged in" on login page

Recommended Posts

Hi,

I want to add a "Keep me logged in" to the login page, so users can choose it to prevent browsers and other factors to destroy the login session and logout the users. and maybe someone know how to define how long to keep the users signed in.

Thanks

Share this post


Link to post
Share on other sites
Posted (edited)

Is there a reason why you want to do something like that? I mean, are you having issues with customers being logged out while they are shopping?

Some of the email services have this option for people who don't want to keep logging in every time to check their email. However, this is not necessary for an eComm site and presents a security risk and related liability risk.

The session timeout is usually a setting in a configuration file like php.ini.

I don't know if there's an add-on for what you are looking for, and you should search that add-ons site first. 

If you are experiencing problems with the session being destroyed, then you need to address that problem first, before trying to modify sessions.

If this is not a sessions problem and you cannot find an add-on that does what you're looking for, then you can modify the session expiration control add-on to do what you want. This is a simple add-on that allows you to set the session times for the store and the admin panel to whatever you want.

 

 

Edited by Demitry

osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&geo=US&q=oscommerce

Share this post


Link to post
Share on other sites

@Demitry

I'm trying to give our shoppers the option to keep their browsers logged in for easier accessibility. So they can check or uncheck the Keep me signed in checkbox.

When a user login to an OSC2.3.4 website, his credentials are saved in the server as sessions ? and when he logout the session is destroyed ?

Share this post


Link to post
Share on other sites
Posted (edited)

Personally, I don't recommend doing this, but if this is what you want to do and you have not found an add-on specifically for that, then you can modify that add-on I mentioned.

Just add a checkbox to the login page. Then add a conditional IF statement to the _sess_read($key) function in /catalog/includes/functions/sessions.php .. something like:

If (isset($_POST['checkbox_name']) && !empty($_POST['checkbox_name'])) {

   ... use mod code for that function from add-on ...

} else {

   ... use the original function ...

}

Then go to your admin panel and set the new session expiration control for catalog to 24 hours, a week, or whatever you want.

 

 

 

Edited by Demitry

osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&geo=US&q=oscommerce

Share this post


Link to post
Share on other sites
9 hours ago, Demitry said:

Personally, I don't recommend doing this, but if this is what you want to do and you have not found an add-on specifically for that, then you can modify that add-on I mentioned.

Just add a checkbox to the login page. Then add a conditional IF statement to the _sess_read($key) function in /catalog/includes/functions/sessions.php .. something like:

If (isset($_POST['checkbox_name']) && !empty($_POST['checkbox_name'])) {

   ... use mod code for that function from add-on ...

} else {

   ... use the original function ...

}

Then go to your admin panel and set the new session expiration control for catalog to 24 hours, a week, or whatever you want.

 

 

 

Thank you for your advice, I will try the Session Expiration Control addon with a checkbox at login screen. Thanks :)

Share this post


Link to post
Share on other sites
Posted (edited)

Keep the checkbox_name unique and make sure you place the checkbox code inside the login form, ..before the closing </form> tag.

The checkbox code for the login page should look something like this:

<div><?php echo tep_draw_checkbox_field('keep_logged_in', '1', null, ''); ?>&nbsp;&nbsp;Keep me logged in</div>

The standard session timeout is often set to 15 to 45 minutes. This setting is usually in your php.ini file. You can call your hosting company to get clarification on that setting, if you cannot find it.

To test this feature, set a 1-minute session for the keep me logged in feature. If you are logged out after a minute, it's working. However, you then need to test it for the 24 hours or week session.

Switching browsers doesn't transfer the session across browsers, and I am not sure if it keeps the session when you close the browser tab, but still keep the browser open. That last scenario should actually work to keep the session.

I think this should work for you.

 

 

Edited by Demitry

osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&amp;geo=US&amp;q=oscommerce

Share this post


Link to post
Share on other sites
Posted (edited)

Just a bit of a fair warning,.. if a customer is on a public computer like a library or school computer, and forgets to log out, the person who gets on that computer afterwards has full access to your customer's account. 

Most people aren't assholes and would likely log out the previous user. However, a scenario like that certainly presents a great opportunity to be one.

 

 

Edited by Demitry

osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&amp;geo=US&amp;q=oscommerce

Share this post


Link to post
Share on other sites

And, ..yet another option is to present the customer with a pop-up warning to let them know that their session is expiring and ask them if they want to stay logged in.

I don't know if there's an add-on like this available, but it should not be a difficult one to make.

 

 


osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&amp;geo=US&amp;q=oscommerce

Share this post


Link to post
Share on other sites
Posted (edited)

@Demitry I think your Addon work ONLY if sessions are stored in SQL database right ? In my website, I switch sessions storage from SQL to files because the database grow to 1 GB in 6 months. Is there a way to automatically delete old sessions from database ? this way I can switch back to SQL

 

 

Edited by Psytanium

Share this post


Link to post
Share on other sites
Posted (edited)

Unless you have sessions stored somewhere else, they are stored by default in the database. 

I'll take a look at the configuration files again.

There's also a copy stored in a server folder on a shared account, that you can change to your own location.

Where do you have yours stored?

 

 

Edited by Demitry

osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&amp;geo=US&amp;q=oscommerce

Share this post


Link to post
Share on other sites
4 minutes ago, Demitry said:

Unless you have sessions stored somewhere else, they are stored by default in the database. 

I'll take a look at the configuration files again.

There's also a copy stored in a server folder on a shared account, that you can change to your own location.

Where do you have yours stored?

 

 

php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php56"

I have full access to my VPS server in case i have to change or retrieve something.

Share this post


Link to post
Share on other sites
Posted (edited)

Ok, so there you go. Your standard session timeout is set to 24 minutes (1440/60) of inactivity. And, your server back-up sessions are stored in ea-php56. However, your actual sessions should be stored in a database table called sessions.

This also tells me that you originally had your VPS set up when you were running your store on PHP 5.6. ... hence, the name of that sessions back-up temp storage folder. 

 

 

Edited by Demitry

osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&amp;geo=US&amp;q=oscommerce

Share this post


Link to post
Share on other sites
6 minutes ago, Demitry said:

Ok, so there you go. Your standard session timeout is set to 24 minutes (1440/60) of inactivity. And, your server back-up sessions are stored in ea-php56. However, your actual sessions should be stored in a database table called sessions.

This also tells me that you originally had your VPS set up when you were running your store on PHP 5.6. ... hence, the name of that sessions back-up temp storage folder. 

 

 

Actually my sessions are not stored in a sessions database table. I changed this by switching the storage to file, in includes/configure.php I changedg :

define('STORE_SESSIONS', 'SQL');

To

define('STORE_SESSIONS', '');

Now sessions are stored in public_html/includes/work

Share this post


Link to post
Share on other sites
Just now, Demitry said:

I'll take a look at this tomorrow. This should not be a problem, but I need to get some sleep right now. Talk soon.

 

 

Sure no problem, I really appreciate your time.. talk later :)

Share this post


Link to post
Share on other sites

Actually, that sessions storage change should not make any difference as far as the session expiration control. The osC system will handle sessions regardless of where you store them. The two SQL additions via that add-on, are just there to set time controls for the sessions in admin and the catalog/shop. You could actually do the same thing by defining these session settings in the two configuration files.

 

 


osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&amp;geo=US&amp;q=oscommerce

Share this post


Link to post
Share on other sites
2 minutes ago, Demitry said:

Actually, that sessions storage change should not make any difference as far as the session expiration control. The osC system will handle sessions regardless of where you store them. The two SQL additions via that add-on, are just there to set time controls for the sessions in admin and the catalog/shop. You could actually do the same thing by defining these session settings in the two configuration files.

 

 

I switched to

define('STORE_SESSIONS', 'MYSQL');

Now your addon works. Thank you for sharing it.

Now i have to periodically clean the expired sessions from the Sessions database table.

But I think your addon will not work when the session storage is files instead of MySQL. Because it looks on the database table sessions to get the value from there:

// BOF: Session Expiration Control v1.0
    function _sess_read( $key ) {
        $value_query = tep_db_query( "select value, expiry from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input( $key ) . "'" );
        $value = tep_db_fetch_array( $value_query );

        if ( isset( $value[ 'value' ] ) ) { // A session was found

            if ( is_numeric( SESSION_EXPIRATION_ADMIN ) && SESSION_EXPIRATION_ADMIN > 30 ) {
                $max_session_length = SESSION_EXPIRATION_ADMIN; // Set how long a session should last in seconds (3600 = 60 min).
                $current_session_length = time() - $value[ 'expiry' ]; // Calculate how long ago this session was last updated.

                if ( $current_session_length < $max_session_length ) { // If this session has not expired yet:
                    return $value[ 'value' ];
                }

            } else { // if admin configuration value is blank or 0 then session expiration settings are likely to be from the server side
                return $value[ 'value' ];

            }
        }

        return '';
    }
    // EOF: Session Expiration Control v1.0

Maybe this is how osC function by default.
 

Share this post


Link to post
Share on other sites

Just a quick question, trying to clean the expired sessions from the sessions table.

Do you think when a session expire, it is automatically deleted ? or we should run a query to delete it ? so i can keep the number of records in this table under control.

Share this post


Link to post
Share on other sites
Posted (edited)

I just looked at that sessions file and I think you're right, that add-on is made for sessions that are stored in the database. I've never dealt with storing sessions in a folder instead, ..or what changes need to be made to accommodate that set-up.

Let's ask Jack @Jack_mcs about the automatic removal of expired sessions from the database. I believe that this is true, but Jack would know better than I.

Jack also has an awesome add-on called, Database Optimizer. This keeps your database clean and light, and you can set up a cron job to clean that database once a week or once a month. Set it to run at like 4am when most everyone is snoring so as not to impact site performance for visitors. The process only takes a minute or so,.. so it's really not a big deal.

 

 

Edited by Demitry

osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&amp;geo=US&amp;q=oscommerce

Share this post


Link to post
Share on other sites
14 hours ago, Demitry said:

I just looked at that sessions file and I think you're right, that add-on is made for sessions that are stored in the database. I've never dealt with storing sessions in a folder instead, ..or what changes need to be made to accommodate that set-up.

Let's ask Jack @Jack_mcs about the automatic removal of expired sessions from the database. I believe that this is true, but Jack would know better than I.

Jack also has an awesome add-on called, Database Optimizer. This keeps your database clean and light, and you can set up a cron job to clean that database once a week or once a month. Set it to run at like 4am when most everyone is snoring so as not to impact site performance for visitors. The process only takes a minute or so,.. so it's really not a big deal.

 

 

Big thanks to you and for Jack too, you offered great support in this forum. and hope the osC4 will looks like the current osc in structure.

Probably i will write a simple delete query to remove the sessions older than the time set already in your addon. and put it in cronjob.

Share this post


Link to post
Share on other sites
On 10/7/2021 at 6:47 AM, Psytanium said:

Do you think when a session expire, it is automatically deleted ?

There is code to delete sessions but not for when it expires, as I recall. The session is deleted for certain actions, like when a paypal order complete or the SID changes due to the recreate setting in admin. But they are not deleted based on age which is why the table needs to have old entries removed occasionally.

Share this post


Link to post
Share on other sites
Posted (edited)

@Demitry I created this file cron_session.php and its working fine when added to Cronjob, it will delete old sessions records from the database

<?php
require( 'includes/application_top.php' );
return tep_db_query( "delete from " . TABLE_SESSIONS . " where expiry < '" . ( time() - SESSION_EXPIRATION_CATALOG ) . "'" );
require( DIR_WS_INCLUDES . 'application_bottom.php' );
?>

I added the Keep me signed in checkbox in the login screen, but still didn't manage to make it functional. Probably I should register a session variable in login page :

$keep_logged_in = tep_db_prepare_input( $HTTP_POST_VARS[ 'keep_logged_in' ] );
tep_session_register( 'keep_logged_in' );

and then add to sessions.php around your addon code :

if ( is_numeric( SESSION_EXPIRATION_CATALOG ) && SESSION_EXPIRATION_CATALOG != 0 && $_SESSION['keep_logged_in'] == 1) {

I checked the session value now include [keep_logged_in] => 1 but still didn't get it to work i don't know why

Edited by Psytanium

Share this post


Link to post
Share on other sites

Ok, let me replicate this feature on one of my development sites and see if there is something I missed.

You don't need a separate cron job file for the sessions table, just use Jack's Database Optimizer add-on. It cleans the entire database, not just that sessions table.

And, test all your stuff on a development site/sub-domain,.. Never on your live site!

 

 


osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&amp;geo=US&amp;q=oscommerce

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×