What affects timeout or logout / how to lessen chance of data loss?

PeteBoyd · September 30, 2022, 2:39pm

What factors affect timeout / how to lessen potential data loss because of timeout?

As far as I can tell so far, the following covers the various ways in which users can be logged out of OpenEMR:

In OpenEMR, Administration > Globals > Security > Idle Session Timeout Seconds - defaults to 7200 (2 hours)
If the browser window is closed then a user is logged out. php.ini has this: session.cookie_lifetime = 0 (“Lifetime in seconds of cookie or, if 0, until browser is restarted.)”
After a period of inactivity between client and server. I believe this is defined by session.gc_maxlifetime in php.ini and defaults to 1440 seconds (24 minutes).

Does that cover everything?

I’m intending to write some documentation for users so that they know what to expect.

I’m also hoping to lessen the chance that a timeout occurs when someone is entering prose over an extended period of time before choosing to save, and losing what they’ve written. Will increasing session.gc_maxlifetime deal with this?

Thanks

brady.miller · October 1, 2022, 7:10am

hi @PeteBoyd ,

The gc_maxlifetime is set in OpenEMR (ie, overrides the php.ini setting) to be 14400:
openemr/SessionUtil.php at master · openemr/openemr · GitHub

Reason this was done:
openemr/SessionUtil.php at master · openemr/openemr · GitHub

PeteBoyd · October 3, 2022, 5:38pm

Thanks @brady.miller. So am I correct in thinking that both of the following serve the same purpose, in that they set the amount of inactivity time between client and server before timeout?

OpenEMR’s SessionUtil.php gc_maxlifetime = 14400 (4 hours)
OpenEMR’s Administration > Globals > Security > Idle Session Timeout Seconds = 7200 (2 hours)