I have a ACL+auth driven app. Everything works fine but I discovered that user is logged out after a random period of time. After doing some research I discovered that the cookie set once doesn't change it's expiration date on page refresh. So it goes like this:
I set up manually expiration time to 1 minute (Security.level low (with some changes in cake/libs) and timeout 60)
19:00:00 - user loads the page - cookie is set up
19:00:05 - user logs in (cookie doesn't change the expiration date)
19:00:30 - page refresh (cookie doesn't change the expiration date)
19:00:55 - page refresh (cookie doesn't change the expiration date)
19:01:05 - page refresh - user is logged out... (cookie expired after 1 minute)
So the problem is the user gets logged out after 60 seconds from setting a cookie in instead of 60 seconds of inactivity. Does CakePHP deal with cookie files automatically? Or do I have to take care about it myself?
All I did is set up a cookie name in config/core.php and setup auth. I don't have any cookie handling function, but the cookie is created itself - correctly, just isn't updated
I had the same issue and countered it with the following code which is called on every page load and ajax call.
if(isset($_COOKIE[Configure::read("Session.cookie")])){
$session_delay = Configure::read("Session.timeout") * (Configure::read("Security.level") == "low" ? 1800 : 100);
setcookie(Configure::read("Session.cookie"), $_COOKIE[Configure::read("Session.cookie")], mktime() + $session_delay, "/");
}
Related
There's a variety of answers regarding detecting IF the session has timed out. I am NOT asking that.
I am asking, how can I tell exactly how much time is remaining the user's Laravel session.
Assume I am using the latest version of Laravel.
I am strongly interested in knowing what the Laravel subsystem thinks is the time left remaining before it's native/built-in session timeout expires.
I am strongly against rolling my own, or creating my own custom timer of any sort.
Not that it matters, but my session lifetime setting configuration (session.php) looks like this (below). And my .ENV setting is also SESSION_LIFETIME=10.
/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/
'lifetime' => env('SESSION_LIFETIME', 10),
This question is very specific to the session handler in use. If you need to know the time remaining before it expires, you must calculate it manually depending on the session handler like so:
File session handler: remaining time = last modified timestamp of file + session lifetime - current timestamp
Cookie session handler: remaining time = cookie expiry time - current time
Database session handler: remaining time = last_activity column value in session table + session lifetime - current timestamp
Cache session handler: remaining time = cache ttl
The session drivers use different session handler implementations as follows:
Cookie driver: Cookie session handler
File driver: File session handler
Database driver: Database session handler
APC: Cache session handler
Memcached: Cache session handler
Redis: Cache session handler
I have 3 sessions -
1- USER
2- LANGUAGE
3- COUNTRY
When session expires - user is redirect to login and receive a message: "You are disconnected by inactivity"
Its ok. but..
MY ISSUE:
Because I lost session - I lost ALL 3 Sessions - and I don't know the LANGUAGE and COUNTRY of the user.
Then I Always print an English alert (default language)
What I want:
A way to control de timeout of each session. With this I can expires User Session first - and get the other two parameters to print the right language.
Is it possible?
I know how to expires - but ALL sessions..
tks!
Use cookies, so you can control the time, even if the user closes the browser
Response.Cookies("name_cookie")("language") = 1
Response.Cookies("name_cookie")("country") = 1
Response.Cookies("name_cookie").Expires = now + 365
I have problem to make my application is not logged out user on activity
I have code like the picture above
as we know, modify the cakephp session is able by that code
"timeout" values is used to set how long session will be expired in a minutes. and the "autoRegenerate" value is used to renew the timeout value
and the last is "cookieTimeout" is used to set how long activity allowed
the crux of my question is how to auto regenerated the cookieTimeout cakephp in core.php (like renew "timeout" value with "autoRegenerate" => true)
Thanks in advance
I want to set session timeout limit for one of the store views in my magento site,
Done too much R&D by surfing several sites, but doesn't come up with any solution
Here is the explanation:
My cookie settings ib admin panel for default config
System->Configuration->Web->Session Cookie management
Cookie Lifetime 900
Cookie Path /
Cookie Domain (blank)
Use HTTP Only yes
And my store view settings
Cookie Lifetime 120
Cookie Path /
Cookie Domain (blank)
Use HTTP Only yes
adminhtml iub2qjrvtcvv46rutus50gngo6 mydomain.com / Session 35
frontend 573ofasrb0l7ems6kr5nv1mo01 mydomain.com / Session 34
frontend 573ofasrb0l7ems6kr5nv1mo01 .mydomain.com / Wed, 03 Sep 2014 09:23:40 GMT 34
Is there any wrong in my settings and why the cookie expiry date is taking as "session" and the cookie is not expiring in 120 seconds.
I find out the solution. In magento cookies time always set in second, you need to convert your date or time to seconds then you will set your cookies in magento according to you.
// Cookies set for one month in magento:
$expire = strtotime(date("m/d/Y, H:i:s A", time() + 60 * 60 * 24 * 30));
$cookies = Mage::getModel('core/cookie')->set('name', 'value', 'expire');
Output: 09/13/2015, 10:43:39 AM (calculate with current date).
there are 2 values in the config file for codeigniter session which i do not fully understand and hope someone can enlighten me, thanks.
# the number of SECONDS you want the session to last.
# by default sessions last 7200 seconds (two hours).
# Set to zero for no expiration.
$config['sess_expiration'] = 7200;
Q1) Will the application logout the user when the time(2 hrs after login) is up even though the user is still actively using the application?
# how many seconds between CI refreshing Session Information
$config['sess_time_to_update'] = 300;
Q2) Does this value affect the (Q1) senario?
The $config['sess_expiration'] is how long it will take before the session expires if there is no activity by the user on the session. $config['sess_time_to_update'] will update the expiration time every 5 minutes while the user is actively using the session.
So if the user logs in, has an expiration of 2 hours, and navigates around the site for 30 minutes and then leaves the site, they will have 2 hours from that point to visit again without needing to log in. If they do visit in those 2 hours, the expiration time will be reset to 2 hours from that point. If they don't visit again, they'll need to login.
Therefor if they are using the session they will not be logged out after 2 hours.