We want our users to stay logged in while active, and to be logged out after 30 minutes of inactivity. For this purpose, it seems sensible to turn autoRenewCookie (in CWebUser) to true.
From CWebUser, "Note, when cookie-based authentication is enabled, all these persistent data will be stored in cookie." - this referring to having allowAutoLogin set to on.
Now:
I don’t want user details stored in the cookie (so need allowAutoLogin to be off)
I do want the user to be logged out after 30 minutes of inactivity
I don’t want the user to be logged out after 30 minutes if they are actively using the site
It feels like the above needs would be what most people would want, so wondering what we’re doing wrong!
After looking through the code for a bit, I think this is actually very easy. Unfortunately, I can’t confirm for you, so try it out and tell us if it works or not.