there are 2 values in the config file for codeigniter session which i do not fully understand and hope someone can enlighten me, thanks.
# the number of SECONDS you want the session to last.
# by default sessions last 7200 seconds (two hours).
# Set to zero for no expiration.
$config['sess_expiration'] = 7200;
Q1) Will the application logout the user when the time(2 hrs after login) is up even though the user is still actively using the application?
# how many seconds between CI refreshing Session Information
$config['sess_time_to_update'] = 300;
Q2) Does this value affect the (Q1) senario?
The $config['sess_expiration'] is how long it will take before the session expires if there is no activity by the user on the session. $config['sess_time_to_update'] will update the expiration time every 5 minutes while the user is actively using the session.
So if the user logs in, has an expiration of 2 hours, and navigates around the site for 30 minutes and then leaves the site, they will have 2 hours from that point to visit again without needing to log in. If they do visit in those 2 hours, the expiration time will be reset to 2 hours from that point. If they don't visit again, they'll need to login.
Therefor if they are using the session they will not be logged out after 2 hours.
Related
I am working on OTP based authentication system. I want to keep the OTP code in a session variable. and it must forget in 5 min in generating time. is it possible to use session or do need to use cookies?
$otp_code = random_int(10000, 99999);
session()->get('otp_code');
session()->forget('otp_code');
$session = Session::put('otp_code', $otp_code);
I have 3 sessions -
1- USER
2- LANGUAGE
3- COUNTRY
When session expires - user is redirect to login and receive a message: "You are disconnected by inactivity"
Its ok. but..
MY ISSUE:
Because I lost session - I lost ALL 3 Sessions - and I don't know the LANGUAGE and COUNTRY of the user.
Then I Always print an English alert (default language)
What I want:
A way to control de timeout of each session. With this I can expires User Session first - and get the other two parameters to print the right language.
Is it possible?
I know how to expires - but ALL sessions..
tks!
Use cookies, so you can control the time, even if the user closes the browser
Response.Cookies("name_cookie")("language") = 1
Response.Cookies("name_cookie")("country") = 1
Response.Cookies("name_cookie").Expires = now + 365
I have problem to make my application is not logged out user on activity
I have code like the picture above
as we know, modify the cakephp session is able by that code
"timeout" values is used to set how long session will be expired in a minutes. and the "autoRegenerate" value is used to renew the timeout value
and the last is "cookieTimeout" is used to set how long activity allowed
the crux of my question is how to auto regenerated the cookieTimeout cakephp in core.php (like renew "timeout" value with "autoRegenerate" => true)
Thanks in advance
I'm using CodeIgniter 2.1
I use CodeIgniter's session to handle whether a user logged in or not. And it works well. I'm storing the sessions to a database. here are a few of my session variables:
$config['sess_expiration'] = 3600;
$config['sess_expire_on_close'] = TRUE;
$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'user_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = FALSE;
$config['sess_time_to_update'] = 15;
I'm using such a low sess_time_to_update increment because I needed a way to monitor whether a user has closed or navigated away from the page. Since CodeIgniter updates the last_activity column at every update (15 seconds) -To check for idleness I make a query like below (I know it's not correct language/syntax):
if last_activity < (current_time - 25s) then I know that a user has probably left the page.
The concept works good but I'm wondering if there are any unseen problems with updating the session table so frequently??
Thanks!
if last_activity < (current_time - 25s) only means that no requests were made in the last 25 seconds, not necessarily that the user has left.
The last activity won't actually update every 15 seconds unless the user is making a request every 15 seconds. For instance, if I open a page and read it for five minutes, the last activity won't update until the next request.
I'm wondering if there are any unseen problems with updating the session table so frequently
Just the little bit of overhead of updating the session table and refreshing the cookie. 15 seconds is a very small time frame, but it should be fine if that's what you really need.
If you don't want to update the session every five minutes do the following changes.
go to the session.php file in the System/libraries/Session.php and set all parameters like below to blanks. It's working for me.
public $sess_encrypt_cookie;
public $sess_use_database;
I have a ACL+auth driven app. Everything works fine but I discovered that user is logged out after a random period of time. After doing some research I discovered that the cookie set once doesn't change it's expiration date on page refresh. So it goes like this:
I set up manually expiration time to 1 minute (Security.level low (with some changes in cake/libs) and timeout 60)
19:00:00 - user loads the page - cookie is set up
19:00:05 - user logs in (cookie doesn't change the expiration date)
19:00:30 - page refresh (cookie doesn't change the expiration date)
19:00:55 - page refresh (cookie doesn't change the expiration date)
19:01:05 - page refresh - user is logged out... (cookie expired after 1 minute)
So the problem is the user gets logged out after 60 seconds from setting a cookie in instead of 60 seconds of inactivity. Does CakePHP deal with cookie files automatically? Or do I have to take care about it myself?
All I did is set up a cookie name in config/core.php and setup auth. I don't have any cookie handling function, but the cookie is created itself - correctly, just isn't updated
I had the same issue and countered it with the following code which is called on every page load and ajax call.
if(isset($_COOKIE[Configure::read("Session.cookie")])){
$session_delay = Configure::read("Session.timeout") * (Configure::read("Security.level") == "low" ? 1800 : 100);
setcookie(Configure::read("Session.cookie"), $_COOKIE[Configure::read("Session.cookie")], mktime() + $session_delay, "/");
}