Starting with PHPRunner version 10.3, you can find a Session keys button on the Security screen. Click this button to open a popup containing PHP session name and JWT (JSON Web Token) secret key options.
Sessions never expire
This is not a secure option. Only use it for internal apps in a trusted environment.
Sessions expire after ...
Normally sessions expire after an amount of time specified in web server settings (session timeout). The default timeout depends on the web server and usually in the range of 20-30 minutes. To avoid making global changes to web server settings you can specify session timeout for your project.
Warn user when his session is about to expire
When this option is enabled a nice popup window will be shown to the end user when their session is about to expire. This page look can be changed in the Page Designer, under Common pages -> session_expired.
This option allows you to enter any string as a PHP session name.
If you have two PHP projects on the same server and you want them to share security settings (single sign-on), enter the same session name for both projects.
JSON Web Tokens are a secure, cryptographically protected way of exchanging data over the network.
In PHPRunner, JSON Web Tokens are encrypted with a secret key specific to your application. If you want the users to log in only once to access all your applications, make all your projects share the same secret key.
You can enter the same JWT secret key for all your projects on the Security screen -> Session keys dialog. This allows different projects to verify each other's tokens.
Lets say you have two projects that share the JWT key. In the first project, you can create a link to one of the second project pages (and vice versa). In the Menu Builder create a new item, choose to link to the External page and check off the checkbox saying 'Link to another application that shares the same JWT secret key'. This is it.
Visit https://jwt.io/ to learn more about JSON Web Tokens.
Security screen articles: