How to make Plone 3 not log you off when you close your browser

published Jan 28, 2009, last modified Jun 26, 2013

Plone is pretty secure by default. Unfortunately, as an administrator, having to log in each time you restart your browser is extremely annoying. Here's how to bypass that.

Step 1: patch or reconfigure Plone

For plone 3.1.x users

The following patch should be applied by you to your Plone sources.  Find your Plone's python library directory, and apply this patch to it:

diff -urN lib/python/plone/session/plugins/session.py lib/python/plone/session/plugins/session.py
--- lib/python/plone/session/plugins/session.py 2009-01-28 12:55:40.000000000 -0500
+++ lib/python/plone/session/plugins/session.py 2009-01-28 12:57:36.000000000 -0500
@@ -7,6 +7,7 @@
 from AccessControl.SecurityInfo import ClassSecurityInfo
 from plone.session.interfaces import ISessionPlugin, ISessionSource
 import binascii
+import datetime,time

 try:
     from AccessControl.requestmethod import postonly
@@ -85,7 +86,9 @@
         cookie=self.source.createIdentifier(userid)
         cookie=binascii.b2a_base64(cookie).rstrip()

-        response.setCookie(self.cookie_name, cookie, path=self.path)
+        expires = datetime.datetime.now() + datetime.timedelta(365)
+        expires = time.strftime("%a, %d-%b-%Y %H:%M:%S GMT", expires.timetuple())
+        response.setCookie(self.cookie_name, cookie, path=self.path, expires=expires)


     # IExtractionPlugin implementation

Once this patch is applied, the login cookie that Plone sets is going to last for a year, or until you log off explicitly (whichever happens first).

For plone 3.2.x users

  1. Open your ZMI interface
  2. In there, browse to your Plone site
  3. Browse into acl_users/session
  4. Click on the Properties tab
  5. Set the cookie lifetime in days to a number larger than 0.  Only positive integers are accepted.

Step 2: make Plone sessions last longer

However, this patch alone still won't keep you logged on -- your session with Plone will expire, by default, after thirty minutes of inactivity.  To change that, locate your Plone instance's etc/zope.conf file, and open it in a text editor.  Then look for the line that says # Directive: session-timeout-minutes.  You are going to add a new directive session-timeout-minutes like this:

session-timeout-minutes 10080

That makes Plone not expire its sessions in RAM for one week.  Or until you restart the server.  Your call.

And that's it!  Now your users' sessions and yours will last for a week or until you log off.  Just remember to explicitly log off whenever you're using a shared computer!

Keywords
hacks session cookie login Plone