alokthakkar wrote:
Hi,
I want to make sure the session times out after 1 hour. In other words, if the user stays inactive for one hour he should be taken to the login page again. It would be great if someone can help me with the settings I need to change. Do I need to make a change in site settings or web config, or is it on the IIS level that I have to make the changes?
Please reply urgently and thanks in advance for your help!
Thanks,
Alok
Hi,
You can modify this in the source code:
Go to this file:
/Presentation/Nop.Web.Framework/WebWorkContext.cs
and find this method:
    protected virtual void SetCustomerCookie(Guid customerGuid)
    {
        if (_httpContext != null && _httpContext.Response != null)
        {
            var cookie = new HttpCookie(CustomerCookieName);
            cookie.HttpOnly = true;
            cookie.Value = customerGuid.ToString();
            if (customerGuid == Guid.Empty)
            {
                cookie.Expires = DateTime.Now.AddMonths(-1);
            }
            else
            {
                int cookieExpires = 24*365; //TODO make configurable
                cookie.Expires = DateTime.Now.AddHours(cookieExpires);
            }
            _httpContext.Response.Cookies.Remove(CustomerCookieName);
            _httpContext.Response.Cookies.Add(cookie);
        }
    }
As you can see in the row:
    int cookieExpires = 24*365; //TODO make configurable
There is a TODO, which has been there for many versions.
So, 24*365 represents one year. So you just make it 1. This will be one hour as you wanted.
I personally do not believe this is a good customer experience, but maybe your configuration requires it.
I hope this helped!
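An added example, not part of the original posts and not nopCommerce code: a cookie's Expires value is enforced by the browser, so an inactivity limit is normally also checked on the server against the time of the last request. `IdleSessionTracker`, `Start` and `Touch` are hypothetical names, the timestamps are constructed, and the one-hour limit is the value from the question (in practice it would be read from configuration).

```csharp
using System;
using System.Collections.Concurrent;

// Hypothetical helper (assumption, not a nopCommerce type): remembers the last
// request time per customer GUID and enforces an inactivity limit server-side.
public sealed class IdleSessionTracker
{
    private readonly ConcurrentDictionary<Guid, DateTime> _lastSeenUtc =
        new ConcurrentDictionary<Guid, DateTime>();
    private readonly TimeSpan _idleTimeout;

    public IdleSessionTracker(TimeSpan idleTimeout)
    {
        if (idleTimeout <= TimeSpan.Zero)
            throw new ArgumentOutOfRangeException(nameof(idleTimeout));
        _idleTimeout = idleTimeout;
    }

    // Call at login to begin tracking this customer.
    public void Start(Guid customerGuid, DateTime nowUtc)
    {
        _lastSeenUtc[customerGuid] = nowUtc;
    }

    // Call once per request. Within the limit: slide the window and allow.
    // Past the limit or unknown: forget the entry so the caller sends the user to login.
    public bool Touch(Guid customerGuid, DateTime nowUtc)
    {
        DateTime lastSeen;
        if (!_lastSeenUtc.TryGetValue(customerGuid, out lastSeen)) return false;
        if (nowUtc - lastSeen > _idleTimeout)
        {
            _lastSeenUtc.TryRemove(customerGuid, out lastSeen);
            return false;
        }
        _lastSeenUtc[customerGuid] = nowUtc;
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        var tracker = new IdleSessionTracker(TimeSpan.FromHours(1));
        var customer = Guid.NewGuid();
        var t0 = new DateTime(2024, 1, 1, 9, 0, 0, DateTimeKind.Utc); // constructed login time
        tracker.Start(customer, t0);
        Console.WriteLine(tracker.Touch(customer, t0.AddMinutes(50)));  // 50 min after login
        Console.WriteLine(tracker.Touch(customer, t0.AddMinutes(100))); // 50 min after last request
        Console.WriteLine(tracker.Touch(customer, t0.AddMinutes(161))); // 61 min after last request
    }
}
```

Passing the current time in as a parameter keeps the limit testable with fixed timestamps; a real request handler would pass `DateTime.UtcNow`.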