When a client visits your site the software sets a cookie on their browser that connects to a session reference with the database. The software DOES NOT save any personal information to the clients browser. That cookies connects them to a session reference within the database that is recalled every time the client returns to your site. This allows the software to save information about their visit and keep track of status with reference to specific features on the software. If a user is logged in this session keeps that logged in status as long as the client is logged in or the session is within the database.

The amount of time that session is kept within the database is a configuration within the software. This "session timeout" is the amount of time that session is kept in the database between visits before the software automatically removes their session information. The session timeout is the amount of time allowed between "hits" to the software before that session is removed. The "hit" simply means a request of a page or routine from their browser. So if the session timeout is 1 hour the client has one hour between hits to the site before that session is automatically removed. Note that if the client requests a listing details page and then just looks at that page and clicks nothing else in the page/site for 2 hours their session would have been removed after one hour (with a one hour session timeout).

The session timeout is configured here in the admin tool:

ADMIN TOOLS & SETTINGS > SECURITY SETTINGS > GENERAL SECURITY SETTINGS > Session Time-Out

And looks like this in the admin tool:

Note that you can set the timeouts for the admin and client accounts separately. The defaults for both at installation of the software is 1 hour (3600 seconds). If you wish to change that timeout you would insert configurations based on seconds.

1 hour session timeout = 3600 seconds
2 hour session timeout = 7200 seconds
1 day session timeout = 86400 seconds
1 week session timeout = 604800 seconds

I believe we've illustrated the time concepts in the examples above. If you want something in between the above just remember one hour and one day configurations and do the math from there.

The admin session can be a little longer to make it easier for the admin when configuring the site. We don't advocate longer periods for the client user but this should be a configuration you weigh between security and convenience.

<tip c n>Note that the statistic produced in the PAGE MODULES > MISC > Total Live Users (!MODULE_TOTAL_LIVE_USERS!) module does a count of the current users in the geodesic_sessions database table. This table contains all of the sessions mentioned above. Increasing or decreasing the session time-out on the client side will have an effect on the statistic produced by this module. Increasing the session time out time increases the amount of time before a session is removed from the geodesic_sessions table and thereby increasing the number of sessions/users that will be in the database at any one time. Also reducing the session time-out will reduce the number of users/sessions within the database at any one time. If you were to double the default session time-out value to just 7200 seconds would conceivably double the count of sessions counted in this statistic.</tip>

<tip c n>Also note that if a specific clients browser has a problem saving/returning cookies or has set their browser to refuse cookies can inflate this statistic quite a bit. All it takes is one of these users to visit 50 pages on your site to inflate the session count by that much.

Visits from search engines should not affect this stat either as they should be within the user agent file of visitors that will not cause a session to be created. </tip>