Extend the length of cPanel cookie?

Status
Not open for further replies.

sonicsshadow

Member
Messages
200
Reaction score
0
Points
16
I don't know why, but the cPanel cookie never lasts longer than a day. This is really annoying because cPanel also makes the field on the main page non autocomplete so I have to type in my username and password every time I want to login.

Is there anyway or any setting that I can change so that my cookie will never expire, or that can make my session time last longer?
 

garrettroyce

Community Support
Community Support
Messages
5,604
Reaction score
245
Points
63
I'm almost 100% sure that CPanel does not use cookies for the login information. If I open my CPanel and close the browser then try to open it again, it re-prompts for the password. I'm sure this is by design to make your CPanel more secure. I can't think of a way to avoid having to do this every time you open the page.
 

leafypiggy

Manager of Pens and Office Supplies
Staff member
Messages
3,819
Reaction score
163
Points
63
cpanel stores a cookie until you close the browser.

There's no way to change this.
 

wildcatvideo

New Member
Messages
7
Reaction score
0
Points
0
In other words, CPanel stores login info as session variables? If that is so, the cookie is only used to identify the session and it expires as soon as either the session expires or the browser closes.

I disagree that there is "no way" to change this, since a programmer with access to the source code could easily change the mechanism to use a regular cookie with a long expiration. Perhaps it is more accurate to say that there is no way that we, as users, can change this.
 
Last edited:

garrettroyce

Community Support
Community Support
Messages
5,604
Reaction score
245
Points
63
In other words, CPanel stores login info as session variables? If that is so, the cookie is only used to identify the session and it expires as soon as either the session expires or the browser closes.

I disagree that there is "no way" to change this, since a programmer with access to the source code could easily change the mechanism to use a regular cookie with a long expiration. Perhaps it is more accurate to say that there is no way that we, as users, can change this.

Well said :p

I haven't had it ever "time out" by having a browser open too long, so I suppose if you could find a way to keep an open connection to your CPanel and maybe refresh it periodically, it would be ok. Maybe, for you linux users, you could use a cron job with wget and feed it your cpanel cookie from your browser? There's probably some windows equivalent. But really, after you do all that work, you probably cost yourself about 200 cpanel logins :biggrin:
 

leafypiggy

Manager of Pens and Office Supplies
Staff member
Messages
3,819
Reaction score
163
Points
63
It's against the cPanel AUP to edit the source code I believe.

You *could* use a cookie editor, but I'm not sure it will work. let me test it.

EDIT:

Yes, cPanel stores two cookies relating to the login.

"cpsession" ( your cpanel username followed by a random hash, expires at end of session (browser close))
"cprelogin" (Default value is 'no', expires at end of session (browser close) )

I'm sure you could use a cookie editor to make these expire never, or at a later date. However I'm also pretty sure that cPanel stores its own statistics in it's backend, and only allows you to stay logged in for a certain period of time.

For example, I've left cPanel open over night (9 hours) and when I came back, I attempted to open a link. It asked me to login again.

There you go. I would just like to finish by telling you that if you do in fact are able to stay logged in for longer than one session, it opens up major security holes in your account, as anyone using that browser can access your account.

Thanks,
 
Last edited:

garrettroyce

Community Support
Community Support
Messages
5,604
Reaction score
245
Points
63
It's against the cPanel AUP to edit the source code I believe.

You *could* use a cookie editor, but I'm not sure it will work. let me test it.

I would think that session length/autocomplete would be a setting somewhere in the bowels of the admin settings. I'm alright with it how it is, but it's always fun trying to figure out how to stick it to the man :p
 

wildcatvideo

New Member
Messages
7
Reaction score
0
Points
0
Yes, the session timeout value is a server-side parameter. Most default to 20 minutes or so. If the server goes longer than that amount of time without hearing from something client-side (your browser) that presents that session ID cookie, the session times out and all session-related data (like your login status) is dropped. There's no way to change that client-side, except to periodically hit the server (like with a refresh), thereby keeping the session alive. Maybe there are session-maintaining apps out there, but that really doesn't address the OP's issue.

BTW - I wasn't advocating any of us altering the CPanel code to use permanent login cookies. However x10 could request that enhancement from the good folks that provide CPanel.
 
Status
Not open for further replies.
Top