I noticed something a little unsettling and wanted to know if it's of any concern or if there is some sort of security feature in place (ie. login timeout) to prevent it.
I found that if a user is logged in when their EOT expires, they will still have access to the site for as long as they remain logged in. As long as they don't clear their cookies or sign out the EOT will never take effect (until they logout).
I know there is a plugin for auto-logout of inactive users but assuming you aren't using something like that, does s2member have anything built-in to prevent this?
http://wordpress.org/extend/plugins/auto-logout/
Bypass EOT?
s2Member Plugin. A Membership plugin for WordPress®.
2 posts
• Page 1 of 1
Bypass EOT?
by theone » April 30th, 2011, 5:59 pm
-
theone - Registered User
- Posts: 47
- Joined: October 3, 2010
Re: Bypass EOT?
by Jason Caldwell » May 3rd, 2011, 9:01 pm
Thanks for reporting this important issue.
Sorry for any confusion. That's NOT the case.
WordPress/s2Member pulls the User object on each page view. When an EOT occurs, it would take affect immediately; even if the User/Member is already logged-in. By default, s2Member will only demote the Member back down to a Free Subscriber. So this means the User would continue to have access to the Login Welcome Page, as do all Users, regardless of Level. However, they would immediately lose access to all paid areas of the site, protected at Level #1 or higher. This is also true for any Custom Capabilities. The only thing that *could* have a negative effect on this, is if you are using some advanced database caching plugin, which might take a bit longer to renew it's DB cache. In that case, it could take several minutes before the User/Member actually loses paid access.
Sorry for any confusion. That's NOT the case.
WordPress/s2Member pulls the User object on each page view. When an EOT occurs, it would take affect immediately; even if the User/Member is already logged-in. By default, s2Member will only demote the Member back down to a Free Subscriber. So this means the User would continue to have access to the Login Welcome Page, as do all Users, regardless of Level. However, they would immediately lose access to all paid areas of the site, protected at Level #1 or higher. This is also true for any Custom Capabilities. The only thing that *could* have a negative effect on this, is if you are using some advanced database caching plugin, which might take a bit longer to renew it's DB cache. In that case, it could take several minutes before the User/Member actually loses paid access.
~ Jason Caldwell / Lead Developer
& Zeitgeist Movie Advocate: http://www.zeitgeistmovie.com/
Is the s2Member plugin working for you? Please rate s2Member at WordPress.org.
You'll need a WordPress.org account ( comes in handy ). Then rate s2Member here
.
& Zeitgeist Movie Advocate: http://www.zeitgeistmovie.com/
Is the s2Member plugin working for you? Please rate s2Member at WordPress.org.
You'll need a WordPress.org account ( comes in handy ). Then rate s2Member here
-
Jason Caldwell - Lead Developer
- Posts: 4045
- Joined: May 3, 2010
- Location: Georgia / USA
2 posts
• Page 1 of 1
Who is online
Users browsing this forum: Exabot [Bot], Google [Bot], Yahoo [Bot] and 1 guest