how the system can do it like this? for the register user, even the CustomerCookie value can't be stored after restart the browser even stated expired age is 1 year in the code. But for the guest it's working, both of those used same code to set CustomerCookie.
I know there are two place to handle the user cookies.
1. CustomerCookie located in WebWorkContext. this cookie will be stored 1 year.
cookieExpires = 24*365; //TODO make configurable
cookie.Expires = DateTime.Now.AddHours(cookieExpires);
for registered user, it will use FormsAuthentication.FormsCookieName to save cookie and will update CustomerCookie value once user login successful.
I did bellow testing:
1. For guest
open the page without login and close all the browser then open the browser again. two time's Nop.customer's value are the same, which means guest cookie saved successful.
For registered user
step 1. open the page and login with user, I found the cookie value NOPCOMMERCE.AUTH is stored but it's session time expire age. cookie Nop.customer's value is set to registered user guid, the expire age is 1 year indeed.
step 2. Then I close all the browser and opened again, I fund the CustomerCookie's value changed to a guest value, the saved cookie value at step 1 is gone which should be expired 1 years latter.
Related
I am curious what happens if a user starts a GA session and let's say 1 minute later, the user turns off the Cookie, how is the information of that Session being recorded on GA?
I am curious if this would be the reason for the observation shown as the last record below:
As for the last record, I have 1 user but 0 session or 0 pageviews.
The first column is a user level customer dimension which indicates the user's Business Persona. The Persona information is passed from GTM via a data layer variable.
Any insight on the Cookie question as well as the abnormality observed above?
Thanks!
Yao
If the user has already entered on your site, then the session has started, because page view hit was sent to GA. Hit can't be recalled. Turning off the Cookie can affect only on next hits.
What about events? Events without page view don't start session. Sessions will be 0, but user will be counted.
We use cookie to remember user's login status. The cookie's expire time in my code is all right, but when redirected to another page, the cookie is missing. Then I modify the code, add 100 years to the cookie's expire time. Finally, the browser shows the expire time is 2115-07-23.
Here is the code picture and local time:
A few minutes later,the system broken down. When I open the program again, it is all right! It's unbelievable!
I have a multi-page Django signup process in which a user goes through the following steps:
Create an account (username, password)
Create a profile
Upload a photo
Review and approve/change profile and photo
Pass username and user ID to payment processor
Receive "Payment OK or Payment not OK" signal from payment processor
Log user in if "Payment OK" and display website's "home" page.
In step 1 above, the user's ID and a couple of other pieces of information are stored in a session. They're then examined when necessary during steps 2 through 4. The user ID and username will also be passed to the payment processor in step 5. I'm thinking of setting the session timeout period to either 30 minutes or an hour. Here's my question. Should I read and re-assign the session variables when the user GETs each of the above pages in order to help the user avoid having their session timed out? The Django documentation says Django only saves a session when the session has been modified (i.e. when any of the dictionary values have been assigned or deleted). I'm thinking that if I "refresh" the user's session as they move from page to page, it will be less likely that they'll be timed out and will thus experience a smoother signup process.
Any advice? Thanks.
There's SESSION_SAVE_EVERY_REQUEST setting that saves session and sends session cookie with every request, effectively turning session into sliding expiration session (btw, it's a widespread name for what you want to achieve)
Refer to session docs for details
How to extend cookie expiry date from last activity which user has done?
Lets take an example, by default, cookie is set for 30minutes after user login.
userA do login at 1PM, hence given cookie will expire at 1.30PM.
Problem with this scenario is that if userA is doing something very important activity in app, then when he click on submit form on any internal link, he will get redirected to login.
Hence he loses his work which he as done.
What I want to have is when userA log in at 1PM (First activity), then at first, cookie will expire at 1.30PM.
After that userA become idle, that means he does not click anywhere, he just leave his computer and come back again after 15 minutes i.e. at 1.15PM and starts using php portal, then cookie expiry should become 1.45PM
How to do that? I found script PHPmyadmin has done same thing. It leads to expiration of cookie when user become inactive for more that 1440 seconds.
we have a web service for some numerical computing. It has a registered mode, in which a user has to register to have its results sent by mail.
We would like to keep track of how long the user stays logged. The login time is written in the database upon successful registration. Registration in not permanent, it's just for the purpose of single session and is used for acquiring the user email.
There are a few situations possible:
User logs out normally via the logout button.
Simplest solution. Write the time and logout in the database, and delete session.
User logs out by session expiry.
I'm planning on having a script which would check all the database entries which don't have a set logout time and if current time - login time > expiry time write logout time in a database as login time + expiry time.
User logs out by browser close.
The sessions have a get_expire_at_browser_close() set to True. But i don't know how can the server detect browser closure.
Ideas, critics, comments?
In django session middleware these lines control session expiration if we want that SESSION_EXPIRE_AT_BROWSER_CLOSE:
if settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
max_age = None
expires = None
Server doesn't have to do detect anything as cookie that has no max_age or expires set should be deleted on the client side, according to this page:
By setting either of these, the cookie will persist until its time runs out, otherwise—if you set neither—the cookie will last until you close your browser (a “session cookie”).
Edit:
One way of tracking how long user was online is by using javascript that will ping server every now and then. It will happen only as long as the user has page opened in browser and on every ping server should update last seen online value for the user.
When user closes browser session is over. Next time user logs in server can calculate duration of his last visit as last seen online - last login time.
Simpler solution without using any javascript: last seen online could be updated on every user request using simple custom middleware.