Please enable JavaScript to view this site.

Navigation: Using PHPRunner > Security

Session control

Scroll Prev Next More

 

Starting with PHPRunner version 10.3, you can find a Session keys button on the Security screen. Click this button to open a popup containing PHP session name and JWT (JSON Web Token) secret key options.

security_session_keys_php

Session control

Sessions never expire

 

This is not a secure option. Only use it for internal apps in a trusted environment.

Sessions expire after ...

 

Normally sessions expire after an amount of time specified in web server settings (session timeout). The default timeout depends on the web server and usually in the range of 20-30 minutes. To avoid making global changes to web server settings you can specify session timeout for your project.

 

Warn user when his session is about to expire

 

When this option is enabled a nice popup window will be shown to the end user when their session is about to expire. This page look can be changed in the Page Designer, under Common pages -> session_expired.

PHP session name

This option allows you to enter any string as a PHP session name.

 

If you have two PHP projects on the same server and you want them to share security settings (single sign-on), enter the same session name for both projects.

JSON Web Token secret key

JSON Web Tokens are a secure, cryptographically protected way of exchanging data over the network.

 

In PHPRunner, JSON Web Tokens are encrypted with a secret key specific to your application. If you want the users to log in only once to access all your applications, make all your projects share the same secret key.

 

You can enter the same JWT secret key for all your projects on the Security screen -> Session keys dialog. This allows different projects to verify each other's tokens.

 

Note: it makes more sense when both projects have matching usernames. In this case user will be assigned the same permissions in the second project.

 

 

Lets say you have two projects that share the JWT key. In the first project, you can create a link to one of the second project pages (and vice versa). In the Menu Builder create a new item, choose to link to the External page and check off the checkbox saying 'Link to another application that shares the same JWT secret key'. This is it.

 

Visit https://jwt.io/ to learn more about JSON Web Tokens.

 

Note: we do not recommend using both PHP sessions and JWT tokens at the same time as the will be a conflict. JSON Web Tokens is a better option.

Security screen articles:

Security screen

Login form appearance

Two-factor authentication

Registration and passwords

Advanced security settings

User group permissions

Dynamic permissions

Audit and record locking

Encryption

Active Directory

Facebook connect

Sign in with Google

CAPTCHA on authentication pages

See also:

Security API

Datasource tables screen

Miscellaneous settings

Page Designer

Event editor

 

Created with Help+Manual 7 and styled with Premium Pack Version 3 © by EC Software