MyBB

thelovelyone · 2016-12-14, 04:53 PM

hey there,

i'd like to know how i disable OR extend the admin cp session for mybb 1.8.
So e.g. i login into admin cp and then i won't be logged out ever (unless i clear cookies/use logout) OR for like 1 day.

Thanks.

fizz · 2016-12-15, 06:27 AM

In admin/index.php, edit line 290 to:

my_setcookie("adminsid", $sid, (60*60*24*365*20), true);

Not tested but that's where the admin login cookie is set, and that line should set the "adminsid" cookie to last for 20 years. The default is one year however, which really should be enough. Is it logging you out more frequently than that if you don't manually logout/clear cookies?

thelovelyone · 2016-12-15, 12:20 PM

Default is on year? Its usually like 30min.

Also its line 274, idk if it worked, will see and update this later, but thank you! Smile

Matt · 2016-12-15, 12:35 PM

It's not the cookie timeout that's the issue, the line you want is this:

if($admin_session['lastactive'] < TIME_NOW-7200)

This is set to 2 hours, this is what will log you out after 2 hours of inactivity.

thelovelyone · 2016-12-15, 01:07 PM

(2016-12-15, 12:35 PM)Matt Wrote: It's not the cookie timeout that's the issue, the line you want is this:
if($admin_session['lastactive'] < TIME_NOW-7200)
This is set to 2 hours, this is what will log you out after 2 hours of inactivity.

Thanks, i just did 7200*7200. Lets see if it works. C:

metulburr · 2016-12-15, 01:28 PM

(2016-12-15, 01:07 PM)thelovelyone Wrote: Thanks, i just did 7200*7200. Lets see if it works. C:

I believe this is a safety feature. Its a pain on your end but it keeps it all the more safer.

>>> 7200/60/60
2.0
>>> 7200*7200/60/60
14400.0

thelovelyone · 2016-12-15, 04:51 PM

(2016-12-15, 01:28 PM)metulburr Wrote:
(2016-12-15, 01:07 PM)thelovelyone Wrote: Thanks, i just did 7200*7200. Lets see if it works. C:

I believe this is a safety feature. Its a pain on your end but it keeps it all the more safer.
>>> 7200/60/60
2.0
>>> 7200*7200/60/60
14400.0

How does it keep me more safe? Just wondering.

Matt · 2016-12-15, 05:01 PM

So that if someone else gets access to the machine you're using, they won't have access to your account after more than 2 hours since you left it; Think, public computers, libraries, internet cafes etc. It's pretty standard for login sessions to expire, internet banking will log you out after about 15 minutes of no activity.

metulburr · 2016-12-16, 05:15 AM

If someone hacks your local computer, you are at least not auto logged into your ACP of your server. You would basically be handing them access to your server with access to your local computer. If someones packet sniffing and your on your phone/tablet/laptop using a wifi, there is less chance of obtaining access to your ACP if your logged out automatically.

Theres always a way to hack in, but there is no reason to give them an unlocked door to get in.

thelovelyone · 2016-12-16, 09:02 AM

Oh well ok, the probability is less, but i will do like 6 hours then.

Login
Username:
Password:	Lost Password?
	Remember me