How can I extend the default session duration in Concrete 5.7? - session

How can I extend the default duration of sessions in the Concrete5 CMS (v5.7)? It feels like I have to login again way too frequently.

One way I discovered to achieve this is by modifying the session-handling settings inside /application/config/concrete.php:
return [
//----------------------- SUPER LONG SESSIONS -------------------------
// We want to extend the session cookie to last for 4 months
// so that users are not bugged for their password all the time.
// WARNING: This does reduce security and potentially increase the chance of
// session-hijacking but if you're willing to make the trade-off, here goes
'session' => [
'name' => 'CONCRETE5',
'handler' => 'file',
// We'll use our own specific save_path so that others on our
// server don't garbage-collect our sessions
'save_path' => DIR_APPLICATION . '/files/tmp/sessions',
// 40 days (in seconds). This is a timeout value.
// If session is not used for 40 days, it is likely to be garbage collected
'max_lifetime' => 3456000,
'cookie' => [
'cookie_path' => false,
// This defaults to 0 which is a session cookie
// (ends when browser is closed)
// Extending to last 4 months (in seconds). Cookie will span multiple
// browser restarts up until this max value, and then user will be forced
// to login again (yes, even in the middle of a session, beware!)
'cookie_lifetime' => 10510000,
'cookie_domain' => false,
'cookie_secure' => false,
'cookie_httponly' => true
]
],
// Browser user-agents and IP addresses may change within that time
// so we will disable strict checking for those
'security' => [
'session' => [
'invalidate_on_user_agent_mismatch' => false,
'invalidate_on_ip_mismatch' => false
],
]
];
Sidenote:
The specific groups a member is a part of are stored in the session and only refreshed when logging in, or when certain permissions are changed in the Dashboard. When this occurs, Concrete5 automatically updates the timestamp in /application/config/generated_overrides/concrete.php, but you can also do this manually if you want to force users' permissions to be refreshed mid-session:
return array(
...
'misc' => array(
'access_entity_updated' => 1453869371,
),

Related

CakePHP 3.x ORM doesn't use cache data when key exists

CakePHP 3.5.13 with Redis configured as the cache engine:
// config/app.php
'Cache' => [
'default' => [
'className' => 'Redis',
'duration' => '+1 hours',
'prefix' => 'cake_redis_',
'host' => '127.0.0.1',
'port' => 6379,
],
];
I have a table with ~260,000 rows in it and a corresponding Table class called SubstancesTable.php. I'm attempting to get the first 5000 rows and then cache the results, so that on subsequent queries, the cached results are used rather than executing the same query:
// Controller method
public function test()
{
$this->autoRender = false;
$Substances = TableRegistry::get('Substances');
// Get 5000 rows from table
$query = $Substances->find('list')->limit(5000);
// Write to cache
$query->cache('test_cache_key');
// Output the results
debug($query->toArray());
}
When I login to Redis (running redis-cli through ssh on my webserver), I can see a key has been generated with the name "test_cache_key":
127.0.0.1:6379> KEYS *
1) "cake_redis_test_cache_key"
I can also see the serialized data in there using GET cake_redis_test_cache_key.
When I execute the above in a browser, there is virtually no difference in the time taken between the cache not existing, and after the cache has been created. I have deleted the cached key in Redis using DEL cake_redis_test_cache_key and confirmed it has gone by listing the keys in Redis (KEYS *)
Clearly Cake isn't reading from the cache in this situation, even though it's writing to it without problems. Why is this happening?
The documentation (https://book.cakephp.org/3.0/en/orm/query-builder.html#caching-query-results) is not clear. Do I need to do something else to get it to read the results from the cache? I've also read CakePHP 3: find() with cache but can't see what's being done differently to what I'm doing above.

Yii2 session expires after user is idle for a fixed seconds despite session timeouts being set to at least 20 minutes

'user' => [
'enableAutoLogin' => true,
'identityCookie' => ['name' => '_identity-backend', 'httpOnly' => true],
],
'session' => [
'timeout'=>24*60*60,
],
I have already added these codes in my config/main file
My answer employs the user of Yii2 user authentication module.
According to the API documentation for the login method for Yii2, the login method sets the identity cookie to be session based, since the default duration is 0.
public boolean login ( yii\web\IdentityInterface $identity, $duration = 0 )
However, by specifying the duration when calling the login method, the cookie is stored for the duration specified. As long as cookie-based login is enabled, the user's login would refreshed. See example below.
if(Yii::$app->getUser()->login($user, 24 * 60 * 60)) {
// Login Successful, perform appropriate action here
}

Zend 2 How to Disable shared instantiation of services on the fly

In Zend 2, we use the function get() to get the same instance of a service when we request it multiple times. It is created the first time and cached during the request. That's what a shared service is.
$ar = $this->serviceLocator->get('ActionResponsibility');
Now a non-shared service will create a new instance every time it is requested. to do this we have to change the configuration file as following:
<?php
return [
'service_manager' => [
'invokables' => [
'MyService' => 'Application\Service\MyService',
'AnotherService' => 'Application\Service\AnotherService',
],
'shared' => [
'MyService' => false,
'AnotherService' => false,
'ThirdPartyService' => true,
],
// [...]
]
];
The Questions is, how can we get a new instance only when required in the code, isn't there a way in using the get() function to force a new instance instead of a cached copy?
You can use the build method instead of get to retrieve a new non cached instance.
$ar = $this->serviceLocator->build('ActionResponsibility');

Using Yii2's default messages

I can't figure out, how to use Yii's default messages, without overwriting them with the message command.
I have 2 translation categories: app, data.
I'd like to use the default messages, like "Are you sure you want to delete this item?" and "(not set)" from the Yii2 core, but if I use Yii::t('yii', 'Are you sure you want to delete this item?') and then run the yii message command, it creates a yii.php file in the messages folder with this token.
Part of my config:
'i18n' => [
'translations' => [
'app*' => [
'class' => 'yii\i18n\PhpMessageSource',
'basePath' => '#app/messages',
],
'data*' => [
'class' => 'yii\i18n\PhpMessageSource',
'basePath' => '#app/messages',
],
],
],
How should I set up my config to use the built in texts and not to overwrite them?
You don't have to do anything. The yii-category is automatically defined as soon as you use translation and it points to the messages in the framework.
That it creates an empty file is for 'yii' is normal, because you actually use that category in your code. This is unrelated to where the messages will be loaded from during normal execution.
Just make sure that you configure your apps' language and sourceLanguage correctly if not already done.

after installing magento cannot login admin

After installing Magento admin panel cannot log in. I have installed magento on my localhost. After all the setup when I used the admin page to login I can't able to login in chrome browser even with my right username and password
I found this solution : Go to app/code/core/Mage/Core/Model/Session/Abstract/Varien.php file within your magento directory and comment out these 3 lines of code :
Also the comma must be removed from the file .Save it and try to login to your magento admin panel.
// 'domain' => $cookie->getConfigDomain(),
// 'secure' => $cookie->isSecure(),
// 'httponly' => $cookie->getHttponly()
first check your local server (like wamp, xammp etc) is working correct
second chack your appache configaration port is 80 .... and
third goto magento directory and see if manifast.flag file in that directory delete it ...
Try it in Firefox , I have faced the same issue but when i tried in Firefox i logged in successfully.
it happens to me after installing everytime,
find this file:
app\code\core\Mage\Core\Model\Session\Abstract\Varien.php
And commenting out the following (it's lines 85 to 102)
// session cookie params
$cookieParams = array(
'lifetime' => $cookie->getLifetime(),
'path' => $cookie->getPath()//,
//'domain' => $cookie->getConfigDomain(),
//'secure' => $cookie->isSecure(),
//'httponly' => $cookie->getHttponly()
);
//if (!$cookieParams['httponly']) {
// unset($cookieParams['httponly']);
// if (!$cookieParams['secure']) {
// unset($cookieParams['secure']);
// if (!$cookieParams['domain']) {
// unset($cookieParams['domain']);
// }
// }
//}

Resources