I am working on OTP based authentication system. I want to keep the OTP code in a session variable. and it must forget in 5 min in generating time. is it possible to use session or do need to use cookies?
$otp_code = random_int(10000, 99999);
session()->get('otp_code');
session()->forget('otp_code');
$session = Session::put('otp_code', $otp_code);
Related
I am trying to implement session management, where we store jwt token to redis. Now I want remove the key if the object idle time is more than 8 hours. Pls help
There is no good reason that comes to my mind for using IDLETIME instead of using the much simpler pattern of issuing a GET followed by an EXPIRE apart from very trivial memory requirements for key expiry.
Recommended Way: GET and EXPIRE
GET the key you want.
Issue an EXPIRE <key> 28800.
Way using OBJECT IDLETIME, DEL and some application logic:
GET the key you want.
Call OBJECT IDLETIME <key>.
Check in your application code if the idletime > 8h.
If condition 3 is met, then issue a DEL command.
The second way is more cumbersome and introduces network latency since you need three round trips to your redis server while the first solution just does it in one round trip if you use a pipeline or two round trips without any app server time at worst.
This is what I did using Jedis. I am fetching 1000 records at a time. You can add a loop to fetch all records in a batch.
Jedis jedis = new Jedis("addURLHere");
ScanParams scanParams = new ScanParams().count(1000);
ScanResult<String> scanResult = jedis.scan(ScanParams.SCAN_POINTER_START, scanParams);
List<String> result = scanResult.getResult();
result.stream().forEach((key) -> {
if (jedis.objectIdletime(key) > 8 * 60 * 60) { // more than 5 days
//your functionality here
}
});`
I have problem to make my application is not logged out user on activity
I have code like the picture above
as we know, modify the cakephp session is able by that code
"timeout" values is used to set how long session will be expired in a minutes. and the "autoRegenerate" value is used to renew the timeout value
and the last is "cookieTimeout" is used to set how long activity allowed
the crux of my question is how to auto regenerated the cookieTimeout cakephp in core.php (like renew "timeout" value with "autoRegenerate" => true)
Thanks in advance
there are 2 values in the config file for codeigniter session which i do not fully understand and hope someone can enlighten me, thanks.
# the number of SECONDS you want the session to last.
# by default sessions last 7200 seconds (two hours).
# Set to zero for no expiration.
$config['sess_expiration'] = 7200;
Q1) Will the application logout the user when the time(2 hrs after login) is up even though the user is still actively using the application?
# how many seconds between CI refreshing Session Information
$config['sess_time_to_update'] = 300;
Q2) Does this value affect the (Q1) senario?
The $config['sess_expiration'] is how long it will take before the session expires if there is no activity by the user on the session. $config['sess_time_to_update'] will update the expiration time every 5 minutes while the user is actively using the session.
So if the user logs in, has an expiration of 2 hours, and navigates around the site for 30 minutes and then leaves the site, they will have 2 hours from that point to visit again without needing to log in. If they do visit in those 2 hours, the expiration time will be reset to 2 hours from that point. If they don't visit again, they'll need to login.
Therefor if they are using the session they will not be logged out after 2 hours.
I have a webservice that stores an authenticated users token in the HttpRuntime.Cache to be used on all subsequent requests. The cached item has a sliding expiration on it of 24 hours.
Secondly I have a vb.net app that is pinging this webservice every 15 seconds. It gets authenticated once, then uses the cached token for all subsequent requests. My problem is that the application appears to lose authentication at random intervals of time less than the 24 hr sliding expiration. However with it getting pinged every 15 sec the authentication should never expire.
I am looking for a way to view the HttpRuntime.cache to try and determine if the problem is in the webservice security methods or within the vb.net app. Can I view the HttpRuntime.cache somehow?
The webservice is part of a web forms site that was built with asp.net 2.0 on a Windows Server 2008.
The name of my key's were unknown as they were system generated guid values with a username as the value. So in order to view a cache collection that was unknown I used a simple loop as follows.
Dim CacheEnum As IDictionaryEnumerator = Cache.GetEnumerator()
While CacheEnum.MoveNext()
Dim cacheItem As String = Server.HtmlEncode(CacheEnum.Entry.Key.ToString())
Dim cacheItem2 As String = Server.HtmlEncode(CacheEnum.Entry.Value.ToString())
Response.Write(cacheItem & ":" & cacheItem2 & "<br />")
End While
Hope this helps others.
First off, HttpRuntime.Cache would not be the best place to store user authentication information. You should instead use HttpContext.Current.Session to store such data. Technically the cache is allowed to "pop" things in it at its own will (whenever it decides to).
If you actually need to use the cache, you can check if your item is in the cache by simply doing:
HttpRuntime.Cache["Key"] == null
I'm using CodeIgniter 2.1
I use CodeIgniter's session to handle whether a user logged in or not. And it works well. I'm storing the sessions to a database. here are a few of my session variables:
$config['sess_expiration'] = 3600;
$config['sess_expire_on_close'] = TRUE;
$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'user_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = FALSE;
$config['sess_time_to_update'] = 15;
I'm using such a low sess_time_to_update increment because I needed a way to monitor whether a user has closed or navigated away from the page. Since CodeIgniter updates the last_activity column at every update (15 seconds) -To check for idleness I make a query like below (I know it's not correct language/syntax):
if last_activity < (current_time - 25s) then I know that a user has probably left the page.
The concept works good but I'm wondering if there are any unseen problems with updating the session table so frequently??
Thanks!
if last_activity < (current_time - 25s) only means that no requests were made in the last 25 seconds, not necessarily that the user has left.
The last activity won't actually update every 15 seconds unless the user is making a request every 15 seconds. For instance, if I open a page and read it for five minutes, the last activity won't update until the next request.
I'm wondering if there are any unseen problems with updating the session table so frequently
Just the little bit of overhead of updating the session table and refreshing the cookie. 15 seconds is a very small time frame, but it should be fine if that's what you really need.
If you don't want to update the session every five minutes do the following changes.
go to the session.php file in the System/libraries/Session.php and set all parameters like below to blanks. It's working for me.
public $sess_encrypt_cookie;
public $sess_use_database;