Develop Reference

Laravel 5 - User not logout after session lifetime

I'm on Laravel 5.7 and trying to get it so that my session expires and logs me out after 2 minutes.
In my session.php file i did:
'lifetime' => 2,
'expire_on_close' => false,
I will then leave my computer for example like 15 minutes, come back, refresh, and I'm still logged in?
Can you tell me why and how to fix it. Many thanks.
Ok I've figured it out.
The reason is I'm using Auth::logoutOtherDevices in Login function, and this function automatically generates the remember me cookie.
Thank you guys so much.

update .env file
SESSION_LIFETIME=2

From the docs the lifetime looks like it is in seconds so the lifetime would be
SESSION_LIFETIME=120 and not 2.
Edit: Please could you try set the option:
'expire_on_close' => true,
This will force the session to expire on browse close.
I found a potential answer to your issue here: Laravel - Auth Session not expiring after browser close
It sounds like it could be a chrome problem.
Try your solution on firefox to see if it is a chrome issue.
Have a read of that thread i linked.

Please make sure to check with your configurations.
In Session.php set lifetime to your desired time for session expiration.
Also in upgraded versions of laravel session lifetime is not set hard anymore, instead it takes from .env file.
You can try below configurations.
In your config/session.php
'lifetime' => env('SESSION_LIFETIME', 2),
And set below key in your .env file
SESSION_LIFETIME=2

Hide Laravel 5.5 Programming Language

I have a problem with hiding the programming Language (Laravel 5.5) of my website
I tried a lot of different ways but did not get any result.
I changed my session config/session.php:
'cookie' => env(
'SESSION_COOKIE',
str_slug(env('APP_NAME', 'laravel'), '_').'_session'
),
but it hasn't worked.

If you do not want to show the programming language of your Website in Chrome extensions then you have to change the setting in php.ini
change expose_php = On
to
expose_php = off
You can also tweak it in your .htaccess.
Hope it helps.

You may need this basically for security reasons. When somebody installed this plugin (https://wappalyzer.com/download) on the browser, s/he can see all the frameworks and javascript libraries among other things.
So hide framwork name from plugin , just go in config/session.php file and edit bellow code
/*
|--------------------------------------------------------------------------
| Session Cookie Name
|--------------------------------------------------------------------------
|
| Here you may change the name of the cookie used to identify a session
| instance by ID. The name specified here will get used every time a
| new session cookie is created by the framework for every driver.
|
*/
'cookie' => env(
'SESSION_COOKIE',
str_slug(env('APP_NAME', 'yourname_that_you_want_to_add'), '_').'_session'
),

auto logout in Laravel 5.1

I am new to Laravel 5.1, so I don't know how to log out a authenticated user after few minutes of inactivity. I read many sources about session.php that tells that 'lifetime' is responsible for the same. I set the values as:-
'lifetime' => 1,
'expire_on_close' => true,
but still my session is not getting expired and logging out after a minute. Even when I close the tab its not logging out. Please I need help in this. Is there a table to store session or what is the solution for this?

'lifetime' => 1 means session will expire after 1 minute
by default its 2 hours 120
Another thing which does not allow user to logout is remember me
When you authenticate the user you would might passing and remember me parameter which does not allow user to expire.

/app/config/session.php
'lifetime' => 1,
'expire_on_close' => false,
_in command prompt
user#dev MINGW32 /f/xampp/htdocs/conference-room
$ composer dumpautoload
Generating autoload files
_wrote composer dumpautoload , then after that, start server(php artisan serve) to take effect.

csrf TokenMismatchException in Laravel

I created a webshop using Laravel and everything has been going smoothly until recently I started getting TokenMismatchExceptions.
The users are able to log in without any problems. The issue occurs whenever a user tries to add an item to the shopping-cart. I didn't really change anything on the page, and it seems that this started to occur by it self. The only thing I did to the server was clearing the cache. Could this cause the issue to occur?
All my controllers start with:
public function __construct() {
parent::__construct();
$this->beforeFilter('csrf', array('on'=>'post'));
}
My sessions config is set up like this:
/*
|--------------------------------------------------------------------------
| Default Session Driver
|--------------------------------------------------------------------------
|
| This option controls the default session "driver" that will be used on
| requests. By default, we will use the lightweight native driver but
| you may specify any of the other wonderful drivers provided here.
|
| Supported: "file", "cookie", "database", "apc",
| "memcached", "redis", "array"
|
*/
'driver' => 'file',
/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/
'lifetime' => 15,
'expire_on_close' => false,
Am I using the csrf filter wrong? I can't seem to find a solution to this issue.
-EDIT-
I tried taking off my csrf filters from the controllers, and now the user gets automatically logged off when adding an item to the shopping-cart (I guess this is the problem).

CakePHP Session updates but cookie expiry doesn't

Short Question:
Why doesn't my session cookie's expiry time get updated in the browser when my session's expirty time is updated on the server?
Long Question:
I posted a similar question about this a few weeks ago but I didn't have all of the facts at the time. I now have more detail and the nature of the question has changed so I'm posting it as a new question.
First of all, in CakePHP 2, I've set up APP/Config/core.php with the following for the session:
Configure::write('Session', array(
'defaults' => 'database',
'cookie' => 'mycookie',
'timeout' => 1 // 1 minute - just for testing
));
So, I load a page which in my app which creates the session in the database. All good so far.
The session is stamped to expire at 1341288066 which is equal to Tue, 03 Jul 2012 04:01:06 GMT. Again, this is great because that's 1 minute from now. Exactly what I wanted.
If I look in Firefox's cookie screen, I find the cookie just as I would have expected it:
Name: mycookie
Content: aqm0gkmjfsuqje019at8cgsrv3
Host: localhost
Path: /
Send for: Any type of connection
Expires: Tue 03 Jul 2012 11:01:06 AM ICT // (04:01:06 GMT)
Now, within this 1-minute window, I go back to my app and refresh the page. Then, I check the session to see if it's updated. It shows 1341288122 against the session id aqm0gkmjfsuqje019at8cgsrv3 which is equal to Tue, 03 Jul 2012 04:02:02 GMT which, again, is what I expected. The expiry of the session has been updated to be 1 minute from when I last reloaded the page.
Unfortunately, the cookie in the browser is still set to Expires: Tue 03 Jul 2012 11:01:06 AM ICT (ie: 04:01:06 GMT) and that's exactly what it does, meaning that the next time I press refresh, Cake generates a brand new session ID even though the old one is still technically valid.
My question is basically what is going on here? Why doesn't the cookie get updated with the new expiry date in the browser?

The issue you have spotted is indeed unexpected and ends sessions where they should stay alive.
This is the result of how CakePHP uses the Session functions of PHP. There is an entry (#3047) in the CakePHP bugtracker, where Mark Story (CakePHP developer) agrees this should be fixed
I can agree that the cookies should be updated alongside the session times stored in the session. However, that's not how PHP's internal features for session handling work. There seem to be a few different ways to workaround this issue.
As this will change the current behavior (however weird it may be), the fix is postponed to version 2.3, though.
I think managing the cookie state outside of PHP is going to be the most appropriate solution. I don't know how safe of a change this is for existing applications though. Changing how sessions works can be dramatic change and allowing users to stay logge din much longer might not be what all developers are expecting.

This appears to be how PHP handles sessions. PHP does not update the cookie on each request (see: http://php.net/manual/en/function.session-set-cookie-params.php#100672). Instead of relying on the expiry time in this cookie, CakePHP compares the current time with the actual session timeout in Session::_validAgentAndTime().

The problem can be solved by using the two parameters in combination.
Configure::write('Session', array(
'cookie' => 'CAKEPHP',
'defaults' => 'php',
'timeout' => 60, // 60 minutes: Actual Session Timeout
'cookieTimeout' => 1440, // 1440 minutes: 24 hrs: Actual Cookie Timeout
'autoRegenerate' => true,
'requestCountdown' => 1,
'checkAgent' => false,
));
autoRegenerate: generates Session Cookie after refresh. The refresh count after which the Session Cookie should be regenerated is determined by the next parameter.
requestCountdown: keep the value of this parameter as low as possible. This is the number of refresh/reload after which the Session Cookie will regenerated.