Announcement

Collapse
No announcement yet.

Auto Log Out on Browser close

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Auto Log Out on Browser close

    Going back to the home page to log out or click on the force log out on next use from the same IP address is silly and a waste of time. A lot of the function in Miva take you to where

    It would be nice if...

    A) You were automatically logged out when you close your browser as most other sites do

    Or

    B) Admin would not require that you force the same user at the same IP address on the same computer with the same browser so you can sign back in as the same user on the same computer with the same browser from the same IP address. (sounds kinda silly huh?)
    Jim Sisk
    Uncommon Treasures

    #2
    Re: Auto Log Out on Browser close

    Admin would not require that you force the same user at the same IP address on the same computer with the same browser so you can sign back in as the same user on the same computer with the same browser from the same IP address. (sounds kinda silly huh?)
    This doesn't happen as long as you're not timed out.
    Thanks,

    Rick Wilson
    CEO
    Miva, Inc.
    [email protected]
    https://www.miva.com

    Comment


      #3
      Re: Auto Log Out on Browser close

      It seems like re-logging in should automatically close an expired session for that login (assuming it is expired). I'm sure there are other solutions to consider for the perceived problem as well, assuming they don't create any ancillary security issues (like the wrong people closing active sessions). It seems pretty safe for a login to close its own session if it is expired, but there may of course be circumstances I'm not thinking about. I'm not personally in favor of automatically closing the session on browser close, but it would be preferable to getting stuck with a bunch of sessions and nobody with administrative rights on site to close them, like us the day after upgrading to 9 ;) Thanks as always for listening!
      Charlie Morrison
      www.MCRmedical.com

      Comment


        #4
        Re: Auto Log Out on Browser close

        If you're not an Admin, but a "regular" user, it does this automatically. When you login from a new browser, it simply auto-logs out your other browser session seamlessly.
        Thanks,

        Rick Wilson
        CEO
        Miva, Inc.
        [email protected]
        https://www.miva.com

        Comment


          #5
          Re: Auto Log Out on Browser close

          Thanks for the info. That means our issue isn't so much a wish-list item, but perhaps a support item, since we are not seeing it work like described. We are definitely having multiple expired logins from the non-admin login account we set up for use at our shipping station (if we don't log out), so it's tying up multiple sessions for us if we're not careful. This is exacerbated when one or two of our three sessions is tied up by our admin accounts, or a Miva dev forgets to logout. We are really good at breaking things in unusual ways... Maybe it's because we use Firefox or something about the security settings. Thanks for sharing that info so we know to look at the issue again. As usual, I appreciate all the help! I'll pick up with this outside of this thread after I look at it further.
          Charlie Morrison
          www.MCRmedical.com

          Comment


            #6
            Re: Auto Log Out on Browser close

            The key is to make sure they're not set to Administrator under the Users section, and you'll probably need to configure User Groups to make it work exactly how you want it.
            Thanks,

            Rick Wilson
            CEO
            Miva, Inc.
            [email protected]
            https://www.miva.com

            Comment


              #7
              Re: Auto Log Out on Browser close

              It looks like the problem is with the admins not logging out (me), and then the users without admin rights can't get in and they can't close my sessions. Everybody but me seems to be able to remember to log out, but I seem to rack up simultaneous sessions like crazy. I'm sure there is a reason, but why does an admin account not clear out its inactive sessions when it logs back in?
              Last edited by mcrmedical; 03-27-15, 04:24 PM.
              Charlie Morrison
              www.MCRmedical.com

              Comment


                #8
                Re: Auto Log Out on Browser close

                What is your admin session timeout set to?

                If you're logged on the same browser, and you close it, if your admin session timeout is not expired, it will "re-use" your same session as before the next time you login.

                However if you have a long admin timeout, and you are logging in from multiple computers and or multiple browsers and not logging out, then each one will open up a new admin session and leave it open until it expires.
                Brennan Heyde
                VP Product
                Miva, Inc.
                [email protected]
                https://www.miva.com

                Comment


                  #9
                  Re: Auto Log Out on Browser close

                  Hi Brennan. Thanks for the info. I was very glad to read what you posted. It was not in fact working that way for me, but I'm glad to hear again that it should actually work that way. BTW, tech support directly contradicted what you stated, which is why I followed up again with a suggestion here to look at the session issues.

                  Thanks for offering those suggestions. I'll respond with the answers you asked about, but I understand this is not a tech support thread, so I'll keep it as short as possible and follow up elsewhere as necessary. Hope the info helps. My admin session time is currently set to 1440 minutes. When I close my browser without logging out it does NOT re-use my session next time I log on. It makes me log in again, and creates a concurrent session using my login. I can get dozens of unexpired sessions going concurrently. However, recently I think it stopped counting that against our total session count, so I'm guessing that Miva changed something in the session licensing system, or something has changed in Firefox. Either way, the issue has been greatly improved for us (thanks!). But it did leave a sour impression of Miva tech support along the way, so I re-emphasize that we hope Miva continues to look at how the sessions are handled. This has been an important issue for our company, one that really hindered our operation for a while.

                  Thanks again, Charlie

                  miva-sessions.jpg

                  Oops, I spoke too soon. It looks like I am still locking people out (note: both my logins are from the same computer and browser)

                  miva-sessions-2.jpg
                  The problem is that if the other three sessions aren't active when I log back in the second or third time, I don't know that I've tied up multiple sessions. Then if I get up and walk out the door or go in a meeting all the non-admins are completely locked out of our Miva admin. Of course we can/have overcome that by allowing more admin access and trying to be better about logging out, but we should not have to. It should not be possible for me to tie up multiple sessions (none are expired) from the same browser on the same computer, yet I can. I tried to get tech support to help me nail down the problem but was told that that's the way it's supposed to work, and that I need to log out.

                  Originally posted by Brennan View Post
                  What is your admin session timeout set to?

                  If you're logged on the same browser, and you close it, if your admin session timeout is not expired, it will "re-use" your same session as before the next time you login.

                  However if you have a long admin timeout, and you are logging in from multiple computers and or multiple browsers and not logging out, then each one will open up a new admin session and leave it open until it expires.
                  Last edited by mcrmedical; 03-31-15, 05:28 AM.
                  Charlie Morrison
                  www.MCRmedical.com

                  Comment


                    #10
                    Re: Auto Log Out on Browser close

                    Hi Charlie -

                    From the screenshots you sent, do you have any external integration such as shipworks, synchro, shiprush or stone edge?

                    This is most likely what is causing your issues. My guess is they are also using the charlie user.

                    Here is what you will want to do:

                    1. Create a new user for your external integration so it is not being confused with you.

                    2. Any external system will create multiple sessions (but it will at most count as a single seat). There is a new parameter that should be passed in the url your integration is using to connect to miva called "temporarysession=1" Adding this to the end of the URL will force the integration to auto log out as soon as it is complete and you won't see those open sessions under Administrator Sessions.

                    3. While it may be a pain for your team using Miva, a session admin timeout of 1440 (24 hours) is not ideal (and breaks PCI compliance) You'll want to change this to 15 minutes to be withing PCIs standards.
                    Brennan Heyde
                    VP Product
                    Miva, Inc.
                    [email protected]
                    https://www.miva.com

                    Comment


                      #11
                      Re: Auto Log Out on Browser close

                      Hi Brennan,
                      We don't have any external integration set up currently. We did have Shiprush, but disabled the account for that when we upgraded to PR9, but Shiprush always had its own login and did not use mine. I can see why it might look that way, but all of the logins in my screenshots are me on my desktop using Firefox.

                      Thanks for the additional info though. It may come in handy some day. We don't want one of our people (or integrations) to have a problem when a customer calls in, or they need to do their job, so we don't intend to share seats. We have done our part to make sure we don't cause any concurrent session issues. Four real people in our company have access to the store, and we have four seats (although we do use different logins according to the current task like "shipping").
                      Last edited by mcrmedical; 03-31-15, 08:04 AM.
                      Charlie Morrison
                      www.MCRmedical.com

                      Comment


                        #12
                        Re: Auto Log Out on Browser close

                        What browser are you using, and do you have any special cookie/security settings in your browser? Looking at those timestamps they are a minutes apart. Did you close your browser each time and re-open it a bunch of times and have to login again each time?

                        Something is not correct.
                        Brennan Heyde
                        VP Product
                        Miva, Inc.
                        [email protected]
                        https://www.miva.com

                        Comment


                          #13
                          Re: Auto Log Out on Browser close

                          We use Firefox throughout the company. Mine updates regularly, so I'm at 36.0.4 but about to go to 37. I think I was at 36.0.1 when I opened ticket AWO-330-95725 to try to get some help tracking down the issue and make it work like indicated in this thread. I don't have any special cookie settings (but that is one of the first things I really looked closely at--it really seems like the correct line of thought). I am allowing all cookies (and other sites such as Amazon, eBay, Paypal etc. all keep my sessions active ok). Yes, today for my screenshot I did simply open the browser, log in, and then close the browser without logging out. I did this to purposefully demonstrate the situation we encounter (normally accidentally) so I could post the screenshot here. Each time I reopen the browser and return, it forces me to log in again. I agree, something is not correct, and I'm not even saying where the problem is. I'm just saying I'm having a problem.
                          Charlie Morrison
                          www.MCRmedical.com

                          Comment


                            #14
                            Re: Auto Log Out on Browser close

                            It's also worth noting that 1440 mins for an Admin time out is a HUGE no-no.

                            It shouldn't be any higher than 15 minutes or you're not PCI Compliant.
                            Thanks,

                            Rick Wilson
                            CEO
                            Miva, Inc.
                            [email protected]
                            https://www.miva.com

                            Comment

                            Working...
                            X