Total time logged in.

[iago]

If you leave your browser open on a page and don't click anything, the site has no way to know that you're still there (because you aren't sending it any requests).

I believe SMF keeps a 10 minute session open and then re-leases that time every new request you send. I don't remember where I read that though.

Yeah, that's pretty much the only way to do it. And it makes sense.

[deadly7]

Yeah, that's pretty much the only way to do it. And it makes sense.

How do they keep timed session? Is it just a timestamp stored in a cookie that then gets read by the website?

[iago]

Yeah, that's pretty much the only way to do it. And it makes sense.

How do they keep timed session? Is it just a timestamp stored in a cookie that then gets read by the website?

No idea, but the most logical way to time a session would be to measure time between page hits. After a certain threshold, it counts as a new 'visit'.

[Joe]

They could just set a last visit field on your user row in the database. If you did it with a session variable cookie, you could hack it each time so your last load was 9 minutes and 50 seconds previous and rack up time very quickly. Then again, only the truly paranoid would protect against this attack.

EDIT -
It's 7:02 AM. That's my excuse and I'm sticking with it.

[deadly7]

They could just set a last visit field on your user row in the database. If you did it with a session variable cookie, you could hack it each time so your last load was 9 minutes and 50 seconds previous and rack up time very quickly.

I'd understand for something meaningful why they would protect against that. My credit card website times you out after a certain amount of inactivity and you have to log back in. For SMF, I can't understand any reason for doing so.

[Newby]

My credit card website times you out after a certain amount of inactivity and you have to log back in. For SMF, I can't understand any reason for doing so.

Likely the same way it does it.

The way the Last Activity page works is that it lists the last users logged in, the last page they loaded and how long ago that was. Within 15 minutes of you loading that page. Anyone wanna bet it has something to do with that?

(It adds your time between page loads to your total time logged in, and if you don't load a page after 15 minutes it adds 15 minutes and kills your session.)

Were we still really wondering how it works? Maybe I just jumped to conclusions.

Basically anyone that wanted to cheat that number could load Opera and have it refresh once every 15 minutes. Any faster than that and you're just wasting iago's precious bandwidth.