LISTSERV Tech Tip: How can I modify the duration of the LISTSERV web interface login cookies?

Tech Tip: LISTSERV

Q: How can I modify the duration of the LISTSERV web interface login cookies?

Answer by Liam Kelly
Senior Consulting Analyst, L-Soft

By default, when a user logs in to the LISTSERV web interface, the web browser stores a login cookie. As long as the cookie is present, the web interface does not require the user to log in again. However, some LISTSERV sites may require login cookies to expire after a specific amount of time. The LISTSERV template system makes cookie expiration time easy to set on either a per-user or sitewide basis.

User Preferences

Individual users can set their login cookie preferences by clicking on the Preferences option in the upper-right corner of the web interface.

Find the Login Cookie Expiration setting, and select the desired cookie duration. Selecting "Session" means that the cookie will expire when the browser session is closed.

Site Preferences

LISTSERV site administrators may set sitewide cookie expiration preferences. From the Server Administration menu, select Customization > Web Templates.

In the Template Name box, enter SKIN and click the Search button to find the "Global Skins" template.

Click Edit Template, and look for the following section:

+* Login Cookie Handling:
+* m - minutes (60m) - d - days (30d) - w - weeks (1w) - M - months (12M) - y - years (2y) - 0 - never expires
+* Defines expiration time of login cookies but allows users to override setting through personal preferences.
+SE EXPIRECOOKIE 0
+* Defines expiration time of login cookies and forces all users to use this setting.
+SE EXPIRECOOKIE_OVERRIDE
+* Disables cookie-based logins and only uses temporary tickets. This is not recommended.
+SE NOCOOKIES 0

By default, EXPIRECOOKIE is set to 0, which means that cookies never expire. The site administrator may override it by setting an expiration time in minutes, days, weeks, months or years. The new default setting will apply to all users who have not set their own preferences via the Preferences screen. To override user settings, you can also set an expiration time in the EXPIRECOOKIE_OVERRIDE setting. That setting applies regardless of any user preferences that may be set.

Note that it is also possible to disable login cookies entirely by setting NOCOOKIES to 1. This setting is not recommended; it means that the user will need to log in again every time the LISTSERV authentication ticket expires, even if they are still logged on and actively using the web interface.

References

LISTSERV 16.0 Customization Manual

Subscribe to LISTSERV at Work.