Is there a way to destroy a session on the (Apache) server after for example one hour? Now the session stays in the Apache folder for ever, so each time i start the application the old session is picked (And i don't want that).
use Zend\Session\Storage\SessionArrayStorage;
use Zend\Session\Validator\RemoteAddr;
use Zend\Session\Validator\HttpUserAgent;
return [
// Session configuration.
'session_config' => [
// Session cookie will expire in 1 hour.
'cookie_lifetime' => 60*60,
// Store session data on server for 1 hour.
'gc_maxlifetime' => 60*60,
],
// Session manager configuration.
'session_manager' => [
// Session validators (used for security).
'validators' => [
RemoteAddr::class,
HttpUserAgent::class,
]
],
// Session storage configuration.
'session_storage' => [
'type' => SessionArrayStorage::class
],
// ...
];
Related
Currently I am working on Yii2 and when I go to form submit after some time then Yii2 redirect to bad request, I think there is CSRF token expire so my question is, how increase CSRF token life in Yii2?
How can we do with form submit with long time and CSRF token also validate?
CSRF token validation disable is working fine in my code but I didn't want to disable it.
No need to code show here, I think.
You can use frontend and backend as different cookie and session
Cookie Backend
'identityCookie' => [
'name' => '_backendIdentity',
'path'=>'/admin',
'httpOnly' => true,
],
Cookie Frontend
'identityCookie' => [
'name' => '_frontendIdentity',
'path'=>'/',
'httpOnly' => true,
],
Session Backend
'session' => [
'name' => 'session_backend'
],
Session Frontend
'session' => [
'name' => 'session_frontend'
],
You can increase csrf token expiry time by adding following code in config/web.php file. From below code csrf token valid for one hour only. Can increase time as per your need.
'request' => [
// !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
'cookieValidationKey' => 'Key Here',
'csrfCookie' => [
'expire' => time() + 3600,
'secure' => true,
],
],
I want to enable httponly cookies in my zend based application. In order to do so, I added below line in application.config.php
'cookie_httponly' => true
to existing session_config array and it looks like below
'session_config' => [
// Set the session and cookie expiries to 15 minutes
'cache_expire' => 1800,
'cookie_lifetime' => 1800,
'cookie_httponly' => true
],
But it doesn't work. Any ideas ?
See the documentation https://framework.zend.com/manual/2.4/en/modules/zend.session.manager.html
And put your config under the line 'name' => 'myapp',
As I'm new to the cache mechanism, I gone through the yii2 documentation. As per the documentation, I added the below config in db.php in yii2 basic application.
<?php
return [
'class' => 'yii\db\Connection',
'dsn' => 'mysql:host=localhost;dbname=db_new',
'username' => 'root',
'password' => 'root123',
'charset' => 'utf8',
'enableQueryCache' => true,
'queryCacheDuration' => 86400,
'enableSchemaCache' => true,
// Name of the cache component used to store schema information
'schemaCache' => 'cache',
// Duration of schema cache.
'schemaCacheDuration' => 86400, // 24H it is in seconds
];
also I added the cache component in web.php
'components' => [
'cache' => [
'class' => 'yii\caching\ApcCache'
]
]
And added the below code while retrieving a record from clients table.
$db = Clients::getDb();
$client = $db->cache(function ($db)use($id) {
return Clients::find()->where(['id' => $id])->all();
});
I assume my client table one record ex)$id = 3 is cached. So next time if I try to retrieve same record from clients table it will pull from cache not from scratch.
My questions are
What I did above is this correct or anything I need to configure
more?
Where it is storing in the local system.
Thanks in advance.
what you did is correct for query caching, found in data caching here.
there are more caching mechanisms available, like fragment, page or http caching
as far as i know, the place where the cached data is stored depends on the caching component. apc stores in memory
yii's FileCache will store files under /runtime
good to know you can flush caches with yii's console command yii cache/flush-all
We configured like /var/www/app1 and /var/www/app2 , Both are logging in single session. How can I make this different session.
I tried with following solution from yii2 wiki. But it doesn't workout here.
'identityCookie' => [
'name' => '_backendUser', // unique for backend
'path'=>'/advanced/backend/web' // correct path for the backend app.
]
Please give solution for this issue.
Use a different session $name for each application. This can be set in your config as:
'components' => [
'session' => [
'class' => '\yii\web\Session',
'name' => 'mycustomname',
In advanced app, I tried to implement divided authorization for backend and frontend.
In first case, I used User class from basic app, in order to use users without database. But for frontend part, I used User class from advanced app.
It would seemthat everything is working perfectly. But when you try to log in at the same time on both sides, the latter takes precedence over the previous one. Ie after entering the frontend parts - automatically eject the user from the backend and vice versa.
You have to set different cookies for frontend and backend in config/main.php file. For Eg.:
In backend:
'components' => [
'session' => [
'name' => 'BACKENDID', //Set name
'savePath' => __DIR__ . '/../tmp', //create tmp folder and set path
],
],
In Frontend:
'components' => [
'session' => [
'name' => 'FRONTENDID',
'savePath' => __DIR__ . '/../tmp',
],
],