I am using next-auth in my next app for user authentification.
Each time the user switch to another window or tab in the browser, and go back to the application, the session takes a new expiration date like shown below :
{
expires: '2023-01-05T00:53:50.523Z',
accessToken: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjYzOTZiMTlhYTczMmUzMzYwMjU2ZjBlMiIsImlhdCI6MTY3Mjg3OTk3MCwiZXhwIjoxNjcyOTY2MzcwfQ.NSFAUb9kHgKkCoBtw60tG9vgOXMTwX8lD7Kgb8TxsFI'
}
swith tab and go back
{
expires: '2023-01-05T00:54:05.724Z',
accessToken: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjYzOTZiMTlhYTczMmUzMzYwMjU2ZjBlMiIsImlhdCI6MTY3Mjg3OTk3MCwiZXhwIjoxNjcyOTY2MzcwfQ.NSFAUb9kHgKkCoBtw60tG9vgOXMTwX8lD7Kgb8TxsFI'
}
Is it possible to prevent that ? I don't want to have a new expiration date. I read the official documentation but I found nothing about this feature.
Thank you for your attention!
you can set a refetchOnWindowFocus option to false on SessionProvider to avoid it auto refresh on every focus tab.
Documentation example
<SessionProvider
session={session}
// In case you use a custom path and your app lives at "/cool-app" rather than at the root "/"
basePath="cool-app"
// Re-fetch session every 5 minutes
refetchInterval={5 * 60}
// Disable Re-fetches session when window is focused
refetchOnWindowFocus={false}
>
<Component {...pageProps} />
</SessionProvider>;
Related
I have 3 sessions -
1- USER
2- LANGUAGE
3- COUNTRY
When session expires - user is redirect to login and receive a message: "You are disconnected by inactivity"
Its ok. but..
MY ISSUE:
Because I lost session - I lost ALL 3 Sessions - and I don't know the LANGUAGE and COUNTRY of the user.
Then I Always print an English alert (default language)
What I want:
A way to control de timeout of each session. With this I can expires User Session first - and get the other two parameters to print the right language.
Is it possible?
I know how to expires - but ALL sessions..
tks!
Use cookies, so you can control the time, even if the user closes the browser
Response.Cookies("name_cookie")("language") = 1
Response.Cookies("name_cookie")("country") = 1
Response.Cookies("name_cookie").Expires = now + 365
I have problem to make my application is not logged out user on activity
I have code like the picture above
as we know, modify the cakephp session is able by that code
"timeout" values is used to set how long session will be expired in a minutes. and the "autoRegenerate" value is used to renew the timeout value
and the last is "cookieTimeout" is used to set how long activity allowed
the crux of my question is how to auto regenerated the cookieTimeout cakephp in core.php (like renew "timeout" value with "autoRegenerate" => true)
Thanks in advance
I have started using Yii2 and need to store more information about user in identity. I already know that in Yii2, this should be done using sessions like
Yii::$app->session->set('user.company_id', '121');
This works fine as I am able to get these values later in project using:
Yii::$app->session->get('user.company_id');
. However, these session values are getting wiped up despite user activity on same pages. So after 5-10 minutes, the same user sees some fields based on session value, however, after 1 minute if I refresh the session values go away which should actually happen on session close or user logout.
Any suggestions what I am doing wrong?
First check your app\config\main.php or main-local.php if it contains:
'user' => [
...
'enableAutoLogin' => true,
...
],
Second check if you have a proper assignment to the value assigned to the variable:
$authTimeout;
$absoluteAuthTimeout;
See here for more.
I have a webservice that stores an authenticated users token in the HttpRuntime.Cache to be used on all subsequent requests. The cached item has a sliding expiration on it of 24 hours.
Secondly I have a vb.net app that is pinging this webservice every 15 seconds. It gets authenticated once, then uses the cached token for all subsequent requests. My problem is that the application appears to lose authentication at random intervals of time less than the 24 hr sliding expiration. However with it getting pinged every 15 sec the authentication should never expire.
I am looking for a way to view the HttpRuntime.cache to try and determine if the problem is in the webservice security methods or within the vb.net app. Can I view the HttpRuntime.cache somehow?
The webservice is part of a web forms site that was built with asp.net 2.0 on a Windows Server 2008.
The name of my key's were unknown as they were system generated guid values with a username as the value. So in order to view a cache collection that was unknown I used a simple loop as follows.
Dim CacheEnum As IDictionaryEnumerator = Cache.GetEnumerator()
While CacheEnum.MoveNext()
Dim cacheItem As String = Server.HtmlEncode(CacheEnum.Entry.Key.ToString())
Dim cacheItem2 As String = Server.HtmlEncode(CacheEnum.Entry.Value.ToString())
Response.Write(cacheItem & ":" & cacheItem2 & "<br />")
End While
Hope this helps others.
First off, HttpRuntime.Cache would not be the best place to store user authentication information. You should instead use HttpContext.Current.Session to store such data. Technically the cache is allowed to "pop" things in it at its own will (whenever it decides to).
If you actually need to use the cache, you can check if your item is in the cache by simply doing:
HttpRuntime.Cache["Key"] == null
I have a ACL+auth driven app. Everything works fine but I discovered that user is logged out after a random period of time. After doing some research I discovered that the cookie set once doesn't change it's expiration date on page refresh. So it goes like this:
I set up manually expiration time to 1 minute (Security.level low (with some changes in cake/libs) and timeout 60)
19:00:00 - user loads the page - cookie is set up
19:00:05 - user logs in (cookie doesn't change the expiration date)
19:00:30 - page refresh (cookie doesn't change the expiration date)
19:00:55 - page refresh (cookie doesn't change the expiration date)
19:01:05 - page refresh - user is logged out... (cookie expired after 1 minute)
So the problem is the user gets logged out after 60 seconds from setting a cookie in instead of 60 seconds of inactivity. Does CakePHP deal with cookie files automatically? Or do I have to take care about it myself?
All I did is set up a cookie name in config/core.php and setup auth. I don't have any cookie handling function, but the cookie is created itself - correctly, just isn't updated
I had the same issue and countered it with the following code which is called on every page load and ajax call.
if(isset($_COOKIE[Configure::read("Session.cookie")])){
$session_delay = Configure::read("Session.timeout") * (Configure::read("Security.level") == "low" ? 1800 : 100);
setcookie(Configure::read("Session.cookie"), $_COOKIE[Configure::read("Session.cookie")], mktime() + $session_delay, "/");
}