Laravel Session Time Out Remaining - laravel

There's a variety of answers regarding detecting IF the session has timed out. I am NOT asking that.
I am asking, how can I tell exactly how much time is remaining the user's Laravel session.
Assume I am using the latest version of Laravel.
I am strongly interested in knowing what the Laravel subsystem thinks is the time left remaining before it's native/built-in session timeout expires.
I am strongly against rolling my own, or creating my own custom timer of any sort.
Not that it matters, but my session lifetime setting configuration (session.php) looks like this (below). And my .ENV setting is also SESSION_LIFETIME=10.
/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/
'lifetime' => env('SESSION_LIFETIME', 10),

This question is very specific to the session handler in use. If you need to know the time remaining before it expires, you must calculate it manually depending on the session handler like so:
File session handler: remaining time = last modified timestamp of file + session lifetime - current timestamp
Cookie session handler: remaining time = cookie expiry time - current time
Database session handler: remaining time = last_activity column value in session table + session lifetime - current timestamp
Cache session handler: remaining time = cache ttl
The session drivers use different session handler implementations as follows:
Cookie driver: Cookie session handler
File driver: File session handler
Database driver: Database session handler
APC: Cache session handler
Memcached: Cache session handler
Redis: Cache session handler

Related

Understanding Laravel Session Handler

I am trying to understand Laravels session handler and can't find anything online. At the moment, in session.php I am doing
'lifetime' => 10,
I have the session driver set to file. So from what I have read, this sets the idle timeout of the session to 10 minutes.
So what does idle mean in this case? I am assuming it means if no request is sent to the server within 10 minutes it will expire. Is this correct?
Also, how can it tell if no request has been sent within 10 minutes? I have taken a look at the session file within storage, and I do not see any timestamp.
So how exactly does all of this work?
Thanks
Yes you are correct: if you don't send any request after the lifetime config value the session will be destroyed.
The Illuminate\Session\FileSessionHandler class has a gc() function, it is a garbage collector function that has a probability to be called on every request, you can control the chances with the session.lottery config value. This function destroy each session file that has a modified timestamp older than now - lifetime.
You can find the Illuminate\Session\FileSessionHandler class in the file vendor/laravel/framework/src/Illuminate/Session/FileSessionHandler.php if you want to take a look at the source code.

CAKEPHP Reset cookieTimeout on activity

I have problem to make my application is not logged out user on activity
I have code like the picture above
as we know, modify the cakephp session is able by that code
"timeout" values is used to set how long session will be expired in a minutes. and the "autoRegenerate" value is used to renew the timeout value
and the last is "cookieTimeout" is used to set how long activity allowed
the crux of my question is how to auto regenerated the cookieTimeout cakephp in core.php (like renew "timeout" value with "autoRegenerate" => true)
Thanks in advance

Session expiring in Yii2 despite user activity

I have started using Yii2 and need to store more information about user in identity. I already know that in Yii2, this should be done using sessions like
Yii::$app->session->set('user.company_id', '121');
This works fine as I am able to get these values later in project using:
Yii::$app->session->get('user.company_id');
. However, these session values are getting wiped up despite user activity on same pages. So after 5-10 minutes, the same user sees some fields based on session value, however, after 1 minute if I refresh the session values go away which should actually happen on session close or user logout.
Any suggestions what I am doing wrong?
First check your app\config\main.php or main-local.php if it contains:
'user' => [
...
'enableAutoLogin' => true,
...
],
Second check if you have a proper assignment to the value assigned to the variable:
$authTimeout;
$absoluteAuthTimeout;
See here for more.

stale session data - websphere

I'm having a stale attribute with the http session within Websphere 6 and may be related to in memory session replication..
Steps:
Object A.0 - Placed into the session with ID "ABC"
Remove A.0 from the session..
Object A.1 (New instance) - placed into Session with ID "ABC"
retrieve object with ID "ABC" from the session - RESULT: A.1 (Correct)
carry out a Servlet forward or a redirect (issues seen on both functions)..
retrieve "ABC" from the session - RESULT: A.0, the object that was removed from the session..
Notes -
Same Session object (hashcode/session ID) used in steps 1-5 using in
memory replication across 2 JVMs (single cluster)
time duration between steps 2 & 5 is total of 4 seconds
No other external threads have accessed the session in the interim..
Only noticed for 1 specific use-case; haven't encountered this in
other use-cases..
Anyone seen anything like this before where a stale data is being returned from the websphere application server?
Thanks,
Ian.
Are you explicitly writing the changed object back to the session before you forward/redirect? In at least some versions of WebSphere, in some configurations, you must do this to ensure the change is "committed".
(If I find a clear reference for this, I'll update my answer.)

CakePHP auth session vs. cookie not updating

I have a ACL+auth driven app. Everything works fine but I discovered that user is logged out after a random period of time. After doing some research I discovered that the cookie set once doesn't change it's expiration date on page refresh. So it goes like this:
I set up manually expiration time to 1 minute (Security.level low (with some changes in cake/libs) and timeout 60)
19:00:00 - user loads the page - cookie is set up
19:00:05 - user logs in (cookie doesn't change the expiration date)
19:00:30 - page refresh (cookie doesn't change the expiration date)
19:00:55 - page refresh (cookie doesn't change the expiration date)
19:01:05 - page refresh - user is logged out... (cookie expired after 1 minute)
So the problem is the user gets logged out after 60 seconds from setting a cookie in instead of 60 seconds of inactivity. Does CakePHP deal with cookie files automatically? Or do I have to take care about it myself?
All I did is set up a cookie name in config/core.php and setup auth. I don't have any cookie handling function, but the cookie is created itself - correctly, just isn't updated
I had the same issue and countered it with the following code which is called on every page load and ajax call.
if(isset($_COOKIE[Configure::read("Session.cookie")])){
$session_delay = Configure::read("Session.timeout") * (Configure::read("Security.level") == "low" ? 1800 : 100);
setcookie(Configure::read("Session.cookie"), $_COOKIE[Configure::read("Session.cookie")], mktime() + $session_delay, "/");
}

Resources