Following situation.
From Monday to Friday, between 8am and 7pm the session liftime for every user is rest minutes till 7pm. after 7pm session lifetime 15 Minutes. I find a solution to create a middleware and set config(['session.liftetime'].....) before the session is created. it works, but for every user.
After consulting the customer he want now the option in the login form, that the user can activate this function. so i need now customization the login and transfer the request infos of the form option to my middleware.
how can i solve this problem?
Thanks for every help
Related
I am using Laravel 8 AUTH package. Once user is login and if he idle for 15 min. then auto logout user and redirect to main website page.
or how to write corn job for it for I am doing corn job like below in 15Update.php corn script
but nothing happen.
You can change the lifetime in the config/session.php file to 15 min.
If you want to accurate time with idle time, you must handle it via the log table in the database.
If you want to handle it via package and middleware, please read this article.
Is it possible to log out a user after a certain amount of time in Sanctum stateful mode? For example the user will be logged out after 4 hours or at the end of the day.
I know that you can set the expiration date for API tokens but I want to log out the user after a certain amount of time in stateful mode (session-based auth).
To clarify, ANY user should be logged out after a certain amount of time. Like you see it in bank applications or other websites with greater security.
In .env you have a variable called SESSION_LIFETIME. That is stored in minutes. Change it in 240 if you want autologout on 4 hours
I’m using file sessions and trying to capture when a user is logged out. Not when they click the button to logout, but when they have left the page still logged in. I have an event listener setup for logout, but that does not seem to fire. Does anyone know how to capture or create an event when the session logout occurs.
Illuminate\Auth\Events\Logout' => ['App\Listeners\LogSuccessfulLogout',],
The session timeout happens on the client side so you won't be able to detect when that happens.
The best you can do is keep an activity log of each user and on each request, store a timestamp for that user. Then you'd be able to determine whose sessions are expiring by adding the lifetime variable in session.php Config::get('session.lifetime') to the latest timestamp in your activity table and comparing that to the current time.
If it's greater than or equal to the current time, you know their session has expired.
You'd likely need to setup a global middleware which updates your activity table which contains at minimum a user_id column and a timestamp column after each request for logged in users.
Then you'd want to setup a job which runs every minute or so which reads from your activity table, grabs the config value in session.php, and fire's the user logout event for each user it determines has the session expiring. When that starts firing, your 'App\Listeners\LogSuccessfulLogout' listener should start picking up that event.
I have auth working fine. Users can log in and out, no problem. The thing is, if users share a login, they can all be logged in at the same time as the one user. Not good.
I need to have CakePHP know when a user is logged in, which I assume is a process started using:
'Session' => [
'defaults' => 'database'
]
As per the Sessions book page.
It's then I get lost. Unless I have missed it there is no reference to limiting users to one active session each. Has anyone come across this before and, if so, how did you work around it?
To clarity:
All sessions deleted from DB & all cookies deleted in browser = nothing set in either when visiting the /users/login page (incidentally, this has been set up as per the tutorials - nothing fancy).
Login = session set in db with id corresponding to cookie in browser. Exactly what you'd expect.
Logout (which then redirects back to login) = old session removed then replaced by another in DB and cookie. Different id. So something is picking up the expired cookie and refreshing it. Hmm.
The information held in the cookie is just the session id. In the DB it's simply:
Session id | a blob | expiry time
I assume you save users and sessions in a database (by default in cakePHP it is named sessions).
Add an active_session field, update it upon login, check it on requests to ensure that current user session id matches the last one stored in the database.
On Login action do:
UPDATE `users` SET `active_session`='$session_id';
When user goes to a page that requires login, you search that value:
SELECT * FROM `users` WHERE `active_session` = '$session_id';
If the user signs in other place, the previous session key gets overwriten, and the SELECT above returns an empty result-set.
It's possible to clean the old session token before the update, so this way old session will be destroyed on per user basis.
Be careful, if you are using AuthComponent, it might rotate sessions itself, for more information you may find in the corresponding section of CakePHP manual.
I'd definitely go AuthComponent-way, and wouldn't re-invent the wheel in CakePHP.
I tie users to their cell phone. Every day they get a new 6 digit code via twilio sms. Makes it hard to share logins, but not impossible. Ultimately, I would like to track how many different machines a users uses per day and establish some fair use limitations. If a user uses three or four machines in a day, that's fine, but when they start using the same user id on twenty or fifty machines a day, that might be a problem.
I want to create an app , which brings a pop-up when the customer session is about to expire.
So for this purpose I will be requiring customer session value .
Please help .
Thanks .
You cant check session remaining time. Because whenever you access the system session will be automatically refreshed. You can check only that session is available or expire. And There is no php function to get it. But We can do it by ajax. For example your session expire time is 30min. Set ajax for every page get refreshed and calculate that time with minus the 30min. And show your pop up message at what time (remaining time ) you want..!!