auto logout in Laravel 5.1 - laravel

I am new to Laravel 5.1, so I don't know how to log out a authenticated user after few minutes of inactivity. I read many sources about session.php that tells that 'lifetime' is responsible for the same. I set the values as:-
'lifetime' => 1,
'expire_on_close' => true,
but still my session is not getting expired and logging out after a minute. Even when I close the tab its not logging out. Please I need help in this. Is there a table to store session or what is the solution for this?

'lifetime' => 1 means session will expire after 1 minute
by default its 2 hours 120
Another thing which does not allow user to logout is remember me
When you authenticate the user you would might passing and remember me parameter which does not allow user to expire.

/app/config/session.php
'lifetime' => 1,
'expire_on_close' => false,
_in command prompt
user#dev MINGW32 /f/xampp/htdocs/conference-room
$ composer dumpautoload
Generating autoload files
_wrote composer dumpautoload , then after that, start server(php artisan serve) to take effect.

Related

Laravel automatically logged out with multiple users?

I'm currently developing a website with multiple users.
I tested logging in the other users in incognito and after a few seconds some of them automatically logs out.
When using only 1 user the website doesn't logs out and working fine.
I'm using
I already changed the SESSION_DRIVER in to database in the .env file but still logging out occurs. Do you know any explanation about this? Thank you.
public function grant_auth($name,$section)
{
$data_auth =
[
'name' => $name,
];
if(Auth::attempt($data_auth))
{
Session::put('section',$section);
Session::save();
return Redirect::route('dashboard');
}
else
return Redirect::to('login');
}
Im granting authentication using this code. I didn't use php artisan make:auth.
change your config/session.php
'lifetime' => 4320,
'expire_on_close' => false,
after that clear config cache
php artisan config:cache
more here: Laravel session expire time for each session

Laravel 5 - User not logout after session lifetime

I'm on Laravel 5.7 and trying to get it so that my session expires and logs me out after 2 minutes.
In my session.php file i did:
'lifetime' => 2,
'expire_on_close' => false,
I will then leave my computer for example like 15 minutes, come back, refresh, and I'm still logged in?
Can you tell me why and how to fix it. Many thanks.
Ok I've figured it out.
The reason is I'm using Auth::logoutOtherDevices in Login function, and this function automatically generates the remember me cookie.
Thank you guys so much.
update .env file
SESSION_LIFETIME=2
From the docs the lifetime looks like it is in seconds so the lifetime would be
SESSION_LIFETIME=120 and not 2.
Edit: Please could you try set the option:
'expire_on_close' => true,
This will force the session to expire on browse close.
I found a potential answer to your issue here: Laravel - Auth Session not expiring after browser close
It sounds like it could be a chrome problem.
Try your solution on firefox to see if it is a chrome issue.
Have a read of that thread i linked.
Please make sure to check with your configurations.
In Session.php set lifetime to your desired time for session expiration.
Also in upgraded versions of laravel session lifetime is not set hard anymore, instead it takes from .env file.
You can try below configurations.
In your config/session.php
'lifetime' => env('SESSION_LIFETIME', 2),
And set below key in your .env file
SESSION_LIFETIME=2

Laravel 5.1 Configuration Session Lifetime Apply Changes

simple question here. In my laravel config/session.php I have changed the lifetime value from the default 2 hours to this:
/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/
'lifetime' => 1440,
'expire_on_close' => true,
/*
However, even though this is what I have on my server, it still sticks to the default 2 hour session. I can verify this by seeing the cookie laravel_session which always maxes out in 2 hours.
What am I missing? Is there a separate configuration file or value I need to change to apply my new lifetime?
Edit: Well apparently you can't expect both the lifetime and the expire_on_close option to both be operating at the same time because they utilize two different types of cookies, but I still don't understand why if I have the expire_on_close set to true why my cookie is expiring in 2 hours rather than when the browsing session ends?
php artisan config:cache applies changes to the configuration files!

cakephp session timeout not working

I have cakephp site, I was having problem that was after being idle for about >= 1 hour it gets log-out automatically
so I googled to extend timeout for that I wrote the following in core.php
Configure::write('Session', array(
'defaults' => 'php',
'timeout' => 28800, // 8 hours.
)
);
I want to keep a logged in user logged-in even after being idle for less than 8hours
but this is not working
how can I sort out this?
According to CakePHP manual, the unit of Session.timeout option is "minute", so 8 hours should be 60*8=480
Regarding the setting not work, I think maybe you could try to clean the cakePHP cache files / restart web server or change the debug level to 2 for troubleshooting?
CakePHP 2.0 manual sessions
May be you are using CakePHP 3, that is why you are facing this issue. Session timeout does not work in CakePHP 3, You might use cookie_lifetime, please check https://github.com/cakephp/cakephp/issues/5664
I had the same problem in CakePHP 1.3
The problem was that CakePHP was using the settings defined in php.ini instead of the one I was defining in core.php
So I had to change in core.php:
Configure::write('Session.save', 'php');
to
Configure::write('Session.save', 'cake');
And it worked like a charm!

Laravel 4.1 session variables getting randomly forgotten

I'm using a Laravel 4.1 app on Apache, and everything is working fine on my local dev machine, but on my staging machine (which is on a shared host) users are randomly getting logged out and prompted to enter their credentials again.
The relevant settings:
app/config/session.php:
<?php
return array(
'driver' => 'file',
'lifetime' => 120,
'expire_on_close' => true,
'files' => storage_path().'/sessions',
'connection' => null,
'table' => 'sessions',
'lottery' => array(2, 100),
'cookie' => 'laravel_session',
'path' => '/',
'domain' => null,
'secure' => false,
);
using Laravel's default authentication driver
php.ini:
gc_maxlifetime=1440
gc_probability=1
gc_divisor=100
This does not seem to be the same as the issue some others have experienced here. The session file is not getting cleared by php. Just a few of the session variables are getting dropped randomly.
I tail -F'd the session file and could see when the variables are getting dropped between one request and the next. It looks like this (formatted for easier reading) before:
a:4:{
s:5:"flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}
s:6:"_token";s:40:"hvuw9VWWjssSwUL2C5eVSn0qZ2g1cwVF5YCEsLG7";
s:38:"login_82e5d2c56bdd0811318f0cf078b78bfc";i:2;
s:9:"_sf2_meta";a:3:{s:1:"u";i:1399318721;s:1:"c";i:1399318011;s:1:"l";s:1:"0";}}
and after:
a:3:{
s:6:"_token";s:40:"7o3b6NhiuDKXq4ftvngUefqe6cWybX1tzPEcDaxk";
s:9:"_sf2_meta";a:3:{s:1:"u";i:1399318721;s:1:"c";i:1399318721;s:1:"l";s:1:"0";}
s:5:"flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}}
The login_ session is gone, which results in Laravel's Session class assuming the user is not authenticated. I am not sure why this session variable is getting dropped, though. None of Session::forget, ::clear(), ::remove() or ::invalidate() are being called on the login session variable as far as I can tell.
I also noticed that the _token variable is constant between requests until the moment when the issue arises at which point it changes, as you can see above.
Any idea what's going on here?
Switching to the database session manager seems to have solved the problem. I suspect that there was some way on my host server configuration that php was wiping out the session files.

Resources