Support the ongoing development of Laravel.io →
posted 10 years ago
Session
Last updated 2 years ago.
0

Well...this is not Laravel specific question IMO.

You need to log when a session started and you also need to define how long that session can live and decide to destroy or not to destroy.

Checkout http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes

Last updated 2 years ago.
0

Thanks for the link. As Laravel has its own code for sessions, will the $_SESSION variable contain relevant information?

Last updated 2 years ago.
0

http://laravel.com/docs/session#session-usage

You can call flush() to remove all the data on a session or call regenerate() to regenerate the session id.

Last updated 2 years ago.
0

I was aware of that, but I'm not sure what regenerate() does. However, there doesn't seem to be a method to obtain the last activity time like using $_SESSION['LAST_ACTIVITY']. How can a timeout be established without that?

Last updated 2 years ago.
0

Sorry for the delay in response.

You need to set the value of 'LAST_ACTIVITY" on your own. You probably want to set the value in a filter.

App::before(function ($request) { Session::put('LAST_ACTIVITY', time()); });

something like this.

Last updated 2 years ago.
0

Thanks for that information. Is their a suitable filter in which to place the code for checking for the expiry, from which a redirection can be made to a "session expired" view?

Last updated 2 years ago.
0

No problem.

I can't give you an answer since I don't know about your code, but I think you can use the same filter for the verification.

From the stack overflow I linked above,

if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
    // last request was more than 30 minutes ago
    session_unset();     // unset $_SESSION variable for the run-time 
    session_destroy();   // destroy session data in storage
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp

This can be converted into (not tested)

if (Session::get('LAST_ACTIVITY') && (time() - Session::get('LAST_ACTIVITY') > 1800 )) {
	Session:flush();
}

Session::set('LAST_ACTIVITY', time());	
Last updated 2 years ago.
0

I couldn't get this to work, then ran out of time, so apologies for not thanking you sooner. I had another go at it today and realised what the problem was: Session::flush() does not delete session data that the app creates, such as the shopping cart details. My solution was to do it like this:

App::before(function($request)
{
	// Expire the session after the given number of seconds of inactivity
	if (Session::get('LAST_ACTIVITY')
		&& (time() - Session::get('LAST_ACTIVITY')) > 1000)
	{
		// Delete session data created by this app:
		OrderController::clear_session();
	}
	Session::put('LAST_ACTIVITY', time());
});

Then, add the following code to the appropriate get handlers in the controller:

if (Session::get('SessionID') == null) {
	return Redirect::to('expired');
}

where "SessionID" is initialised using "Session::set('SessionID', uniqid('S'))", when the shopping cart is created.

Last updated 2 years ago.
0

You don't have to create your own "LAST_ACTIVITY" key: you can use the Symfony meta-data available in Laravel's session:

$bag = Session::getMetadataBag();
$max = Config::get('session.lifetime') * 60;
if ($bag && $max < (time() - $bag->getLastUsed())) {
    Event::fire('idle.too-long');
}

Firing an event lets you decouple the idle detection logic from the idle reaction logic.

Last updated 2 years ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

DA40 da40 Joined 27 Apr 2014

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 Laravel.io - All rights reserved.