Login session

Good afternoon. Our website https://ava.souenfermagem.com.br ends the login session. It is configured correctly but a session times out when closing the browser. I would like some configuration that I can use in CloudFlare. Is there anything I can do to fix it? Appreciate.

Normally for a web app.

Timeout error or rather you have to log back into the app?

Maybe users have selected options in their Web browser to clear cookies, cache, session, etc. on exit. Or, they are using a Private Window, TOR, etc.

Is it the PHP app?
As the owner of the server which hosts an app your users are using, you could limit the session (PHP session, SSL session, etc.) up to as much as I want, let’s say for example 15 minutes and then logout everyone who’s session passed 15 minutes - while the user hasn’t closed it’s web browser - simple as it, right?

Depending on the user location, for example, logging into a Webmail in a caffe and leaving it, but not closing the Web browser - leaving it open as is, without a session timeout/lifetime so anyone else could read his/her e-mail just like that? - that really wouldn’t be good.

There are some apps like WordPress which makes your login session cookie expire in 48 hours or so (or on a web browser close), or even up to 14 days if you tick the checkbox “remember me”.

Some Web apps are configured to store session cookies temporarily in memory and are automatically removed when the browser closes or the session ends.

Regarding cookies and session, maybye you can try out increasing the timeout, if so. Maybe you have to check the “ Remember me ” checkbox option if available to you and/or your users?

I got logged out from every Website when I close my Firefox, as I setup it like that either to clear cookies, cache and data - as I do not see any reason why should I keep that on my compuer and pile up my disk space keeping old data/files.

Furthermore, I am afraid this “issue” is not anymore related to Cloudflare. Maybe it is not actually an issue itself, rather a default Web browser behaviour?

This site is Moodle. It has a configuration option to stay logged in even if you close the browser. Turns out not to be working. Thought I would have some setup to do here. I just want to clear my doubts. If it’s a configuration that needs to be done on the server or if it’s an error in Moodle’s programming. Understood?

Before moving to Cloudflare, was your Website working over HTTPS connection?
May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?

Some topics to check using :search: :

SSL TLS: Complete
Encrypt end-to-end using a self-signed certificate on the server

I’ll read

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.