Support

Admin Tools

#25387 Admin Logout Session Option

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Wednesday, 20 July 2016 17:20 CDT

Wednesday, 15 June 2016 11:43 CDT

DaveOzric
Hello, I am looking for some direction on a possible way to prevent my admins from being blocked when they don't log off before the session expires. I typically set my blocking at 3 attempts in 10 minutes and autoban after one.

My question is it possible to capture a user's IP logged in to the backend and when their session expires not make it a security exception? Not sure if I am phrasing this correctly.

This is similar to what a bank site does. When your session expires it logs you off. I have found a plugin that alerts you of session expiration but that only accomplishes one part not the firewall issue.

Just curious if this is possible or something that might be considered as a feature.

Thanks

Thursday, 16 June 2016 02:11 CDT

tampe125
Hello Dave,

the problem is that when the session expires, we have no control over the user: there's no "logout" event that we can intercept, your session is simple deleted by Joomla.
The only solution is to raise the amount of exceptions required to get banned, but that's an issue that we can't solve.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 16 June 2016 15:02 CDT

DaveOzric
Hi, I was more thinking of a way not to create the security exception for a valid user that has recently logged in. Like possibly capturing the IP address and have it be added to the whitelist for a certain amount of time. So when they come back to the site it's not triggering the firewall even though their session is over. So not really waiting until the session expires but upon login triggering a solution. So a user logs in to the backend, their IP gets added and it stays in for x amount of days the site admin determines. If someone logins successfully they should be OK for some time. I don't really want to set the session time to days as a solution.

I have never asked for any modification to the extension due to it's pretty much got it all. This would be the only thing that could be improved. Some way to not block valid users who either accidentally forget to logout or leave with a few tabs open only to trip the firewall upon going back to the site.

Just a thought and maybe a benefit for others too. If there weren't so many hackers out there I would relax the security but it's pretty bad these days.

Friday, 17 June 2016 03:07 CDT

tampe125
Honestly I think it's a little of an overkill: the solution you proposed could open some security issues. After all, if the session expires the customer is simply redirected to the home page and a security exception is raised. Since it's just the first one, they won't be blocked, so they can visit the backend (using the special url) and login again

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Saturday, 18 June 2016 11:05 CDT

DaveOzric
Well that's fine if it's not something you will consider. Although if your answer were how it was I wouldn't be here asking. I have it set to 3 and they are tripping it and getting banned. Probably leaving 3 windows open. I work like this often and have kicked myself out before.

I just thought it would be a cool option. I do not know all the implications of it being added. Too bad it could not be an optional setting.

Monday, 20 June 2016 02:52 CDT

tampe125
If you got kicked out in another window, perform the login again, then you have to refresh all other tabs and then you can start working again.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 20 July 2016 17:20 CDT

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!