Below information applies to Joomla! 3 and 4.
With the release of Joomla! 1.6 its developers have changed the way in which a frontend user session expires. We believe that part of this change is not beneficial, because one of the consequences is, that a logged-in user session is automatically and periodically refreshed if the Login Form is displayed on the web page, a behaviour which is known as 'keep alive'. This means that the corresponding session will be kept alive beyond the session lifetime as configured in the Joomla! 3/4 global configuration and it reduces the effectiveness of the Login One! plug-in, see the examples below. The Login One! Premium and Business editions deal with this problem.
Unless you have already taken action, your Joomla! 3/4 website will most likely behave as in the following first example.
Example of standard Joomla! 3/4 behaviour with Login One! freeware edition:
- User logs into website (session A), leaves the session open, doesn't close the browser and abandons the work station.
- User attempts login on a different work station (session B). Access is denied and a message is displayed by Login One! advising user to wait for session A to expire.
- Approximately 1 minute before expiration of session A, session A is automatically refreshed (as if the user of session A hits the 'refresh' button). The waiting time for session B is reset and user continues to be denied access.
- In principle, session B can never be established as long as the Login Form is active on work station A. This is fine for trial purposes, but does not give optimum protection.
RECOMMENDATION: To achieve better protection, you should get and install the Login One! Premium or Business edition.
Example of standard behaviour of Joomla! 3/4 with Login One! Premium or Business edition (override activated):
- User logs into website (session A), leaves the session open, doesn't close the browser and abandons the work station.
- User attempts login on a different work station (session B). Access is denied and a message is displayed by Login One! advising user to wait X minutes for session A to expire. With every log-in attempt to establish session B, the waiting time counts down.
- When the waiting time has expired, user can log into the second work station; session B is established and session A is closed. This is the desired behaviour of the Login One! plug-in, provided you have installed and activated the plug-in properly.
IMPORTANT: The recommended behaviour as in the second example can only be achieved when the plug-in has been installed and activated properly. Instructions are included in the download package.