The Joomla!® Community Magazine

Add a Session Timer

Written by Brian "Sully" Sullivan | Wednesday, 01 June 2011 00:00 | Published in 2011 June
Level of Difficulty: Beginner

Don't build a long, straight road to your SuperAdministrator privileges for hackers to travel. Install a session timer instead.

"Your session has expired. Please log in again."

It may be annoying when you encounter this message, but it happens for a very good reason. By default, Joomla! allows you to log in and remain signed on to the CMS for a maximum of fifteen minutes of inactivity. Limiting a session in this way helps to prevent a lot of security issues.

If you've ever been caught short, it's tempting to extend the session time limit to a very large value. The place to make that setting is in the Global Configuration under Server. It's also possible to install an extension that disables session timing altogether. When you're developing a site, this is a simple way to prevent session timeouts.

On a live site with any amount of public traffic, though, this is a very dangerous idea. Don't be tempted. Sites that are left exposed with a long, straight path to Administrator or Superadministrator rights are something a hacker hopes to exploit. This can be as simple as someone sneaking access to a computer that doesn't belong to her or him, or more elaborate schemes of exploiting user accounts. On a Joomla! site that has gone live, we need a better plan for dealing with the potential for sessions timing out and causing frustration for the people working there, a plan that doesn't reduce our security settings. But what?

The answer is to install a session timer into your Joomla! administrator template. These extensions count down the remaining time in a session with a graphic or clock. When time is nearly up, they warn the user that her or his session is nearly over and it's time to save their work. Not only does a session timer give fair warning to people editing or adding to a site, it encourages them to save their work at regular intervals. Everyone is a winner. Everyone except for a hacker, that is.
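The countdown behaviour described above, as an added example (not code from Joomla! or from any session timer extension): it tracks the time left, switches to a warning state near the end, and restarts only when work is saved before expiry. The names `SessionTimer`, `lifetimeMs` and `warnMs` and the two-minute warning threshold are assumptions, and `lifetimeMs` is assumed to match the session lifetime set in Global Configuration.

```javascript
// Added example. SessionTimer, lifetimeMs and warnMs are illustrative names,
// not the API of Joomla! or of any session timer extension.
class SessionTimer {
  constructor({ lifetimeMs, warnMs, now = Date.now }) {
    if (!(lifetimeMs > 0) || !(warnMs >= 0) || warnMs >= lifetimeMs) {
      throw new RangeError('need 0 <= warnMs < lifetimeMs');
    }
    Object.assign(this, { lifetimeMs, warnMs, now });
    this.expiresAt = now() + lifetimeMs;
  }

  remainingMs() {
    return Math.max(0, this.expiresAt - this.now());
  }

  // Call after a request that reached the server (for example Apply or Save).
  // Once the countdown has hit zero the server session is gone, so the
  // timer refuses to restart and the user has to log in again.
  renew() {
    if (this.remainingMs() === 0) return false;
    this.expiresAt = this.now() + this.lifetimeMs;
    return true;
  }

  state() {
    const left = this.remainingMs();
    if (left === 0) return 'expired';
    return left <= this.warnMs ? 'warning' : 'active';
  }

  label() { // mm:ss text for the clock in the administrator template
    const secs = Math.ceil(this.remainingMs() / 1000);
    const pad = (n) => String(n).padStart(2, '0');
    return `${pad(Math.floor(secs / 60))}:${pad(secs % 60)}`;
  }
}

// Constructed walk-through on a fake clock: 15-minute lifetime (the default
// named in the article) and an assumed 2-minute warning threshold.
function demo() {
  let t = 0;
  const timer = new SessionTimer({ lifetimeMs: 15 * 60e3, warnMs: 2 * 60e3, now: () => t });
  const snap = () => `${timer.state()} ${timer.label()}`;
  const seen = [];
  t = 13.5 * 60e3; seen.push(snap());   // inside the warning window
  timer.renew(); seen.push(snap());     // user hit Apply in time
  t += 15 * 60e3; seen.push(snap());    // no activity for a full lifetime
  seen.push(String(timer.renew()));     // too late to renew
  return seen;
}
```

In a browser, a `setInterval` callback would read `state()` and `label()` once a second and update the template's clock element.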

Here are links to two session timer options available from the Joomla! Extensions Directory. There are more options available in the Admin Desk section. Many template developers are releasing Administrator templates which include a session timer feature, too.


Brian "Sully" Sullivan

Sully has been building corporate and non-profit organization websites for 10 years, and using Joomla! almost since it was new. Sully lives and works in the Washington, DC metropolitan area, where he is a Principal of Terrace Media Group, an independent website development firm that helps graphic design studios deliver great Joomla! CMS sites to their clients.


Comments (6)

  • Amy Stephen

    Nice piece, Sully. It is indeed very frustrating in 1.5 to lose your work due to a timeout.

    One of the improvements in 1.6 is the use of a "keep alive" method on all edit forms to prevent this problem from happening.

    Developers should add this statement to the layout for their edit forms:

    Code:
    JHtml::_('behavior.keepalive');

    This will prevent the session from timing out. This approach can be used in extensions in both 1.5 and 1.6.

  • Marcus Stafford

    Good idea. I might remove it before clients take delivery of the site lest they think it's some kind of virus countdown...

  • Brian "Sully" Sullivan

    I encourage you to leave it in, Marcus. It's just one little feature to explain to your client about the Administrator interface, and it encourages the good work habit of saving your work. (Remember, when you hit "Apply," your session renews.)

    There are lots of good reasons why saving your work within the session time is helpful besides the potential for a poorly-coded Joomla! extension to time you out. For instance, once when I was writing an article someone tripped over the power cord of a desktop computer I was using and accidentally unplugged it. That of course crashed my system. Because I had been prompted to save my work by a session timer, I only lost the last two paragraphs I'd written.

  • HG

    Thanks, it was useful

  • oky_

    Almost all my clients ask me to extend the administrator session time to avoid losing their work. So this is a very good alternative. Thanks!
