Jump to content

Admin Session Lifetime


Recommended Posts

Hi there,


This topic has been addressed here, but the thread just kind of died...



Does anyone know of away - aside from modifying php.ini or .htaccess to set the session lifetime for WHMCS Admin session lifetime? For example, if a user is logged in but inactive for a certain period of time OR the user closes their browser and goes to WHMCS Admin area again, they must be logged out and forced to log in again.


This holds some obvious benefits for security and provides some peace of mind.

A good example of this functionality in action would be Joomla. The default session lifetime is 15mins (adjustable, of course) and if I am inactive for that time period or I close my browser, I am logged out and I have to log back in.


I can't seem to access the link in the forum post I mentioned above, so does anyone know if this feature has been or will be implemented?

Link to comment
Share on other sites

  • 1 month later...

I found a solution that has been working for me on 5.3.x and I am now testing it on version 6 and it seems to be working there too. I have been able to walk away from my computer for 3-4 days and come back and click a link and I am still logged in.


I will gladly provide the code if anyone wants it. Here is the basics of what you have to do.


create a small 1px by 1px transparent gif and save it. Write a simple small php file that starts with a header saying that it is ouputting a gif like header("Content-Type: image/gif"); this file is only about 6 lines long, pretty simple then...


I am using the v4 template so, in the /admin/templates/v4/ directory you will find head.js and header.tpl.


Immediatly after the body tag in header.tpl put in an image tag with the src= your php file you created above. Then in head.js add this inside the document.ready just above the closing });


window.setInterval("renewSession()", 60000);


Then just below the closing }); of the document ready add the renewSession function


function renewSession() {
   document.getElementById('renewSession').src='/sessionrenew.php?xyz=' + Math.floor(Math.random() * (999999 - 1)) + 1;


The way this works is, when the page is first loaded, the php file which outputs like a gif is output to the browser. it is invisable. Then when the entire doc is loaded, the document.ready function starts the interval timer which fires every 60 seconds calling the php file which keeps loading that gif. That is all that is needed to keep the session alive.


Along with that, I edited the php.ini for the site and set session.gc_maxlifetime = 9600 which is probably an overkill and this may not have been necessary but I did it anyway because it keeps the client area from timing out so easily. It still dies when the user closes their browser.


And just in case you need it, here is the sessionrenew.php script



//WARNING, this will puke if there are any empty lines after the ending ? >
foreach ($_COOKIE as $cookie => $value) {
   if (stripos($cookie, 'WHMCS') === 0 and strlen($cookie) >= 13) {
       if(!session_id()) {
header("Content-Type: image/gif");
readfile($_SERVER['DOCUMENT_ROOT'] . '/images/spacer.gif');


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated