I have been facing issue related to Session timeout using Zend Framework 3. Session expired within 5-10 min. I had used the default code for the session, which Zf3 skeleton provides in global.php as below.
// Session configuration.
'session_config' => [
'cookie_lifetime' => 60*60*1, // Session cookie will expire in 1 hour.
'gc_maxlifetime' => 60*60*1, // Store session data on server maximum for 1 hour.
],
// Session manager configuration.
'session_manager' =>
[
'validators' => [
RemoteAddr::class,
HttpUserAgent::class,
]
],
// Session storage configuration.
'session_storage' => [
'type' => SessionArrayStorage::class
],
After using above code still session expired within 5-10 minutes.I want session expired time more than 30 minutes.How to configure it in Zf3.
Please provide solution.
You have the correct settings for the session manager, but this is not enough for these session settings to be used as the default one.
My assumption is that you do not make this session manager your default one. In order to make it, you need to instantiate it as early as possible.
One solution would be to do this is in module Module.php
use Zend\Mvc\MvcEvent;
use Zend\Session\SessionManager;
class Module
{
//...
/**
* This method is called once the MVC bootstrapping is complete.
*/
public function onBootstrap(MvcEvent $event)
{
$application = $event->getApplication();
$serviceManager = $application->getServiceManager();
// The following line instantiates the SessionManager and automatically
// makes the SessionManager the 'default' one.
$sessionManager = $serviceManager->get(SessionManager::class);
}
}
Reference
EDIT: My 2nd assumption is that you use the global path for your sessions(eg /var/lib/php/sessions).
In Debian, there is a cron that may clear sessions according to your php.ini session settings(/etc/cron.d/php).
This cron uses your php.ini "gc_maxlifetime" and probably clears your sessions.
To find out where your sessions are saved, use session_save_path(). Check that directory for your sessions.
To overcome this, you should set "save_path" and this path should not be shared with others applications or scripts on your server(you do not want another script using the global gc settings or its own, deleting your sessions).
Add
'save_path' => '/path/to/app/data/sessions'
in your 'session_config' array.
I am unable to get Laravel rememeber me functionality to work.
I added remember token column to my User Model table.
My User Model Authenticatable. User model doesn't contain anything else specific related to remember me functionality
I am using default Auth drivers and guard.
My Usercontroller is different from default one. It extends from Controller. It doesn't use any Traits. In my login method, I use Auth::login($userModelObject, true) to login user. Everything works fine. Remember me token gets updated in database. I can see 3 cookies on browser XSRF-TOKEN, laravel_session, remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d.
Auth::check() returns true as expected but if I either remove, expires, or modify laravel_session, in the subsequent request, remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d cookie also gets removed for some reason (I am not able to view it using var_dump($_COOKIE) in only middleware I applied) and I think that's why Laravel Auth driver isn't able to use remember me Cookie to autologin user. CSRF middleware is also being applied automatically by Framework.
What could be causing this behaviour? Do I need to use some Additional Traits on my User Model or Controller?
Note: I am using Laravel 5.4 and my session config are:
'driver' => env('SESSION_DRIVER', 'file'),
'lifetime' => 20,
'expire_on_close' => false,
'encrypt' => false,
'files' => storage_path('framework/sessions'),
'connection' => null,
'table' => 'sessions',
'store' => null,
'lottery' => [2, 100],
'cookie' => 'laravel_session',
'path' => '/',
'domain' => env('SESSION_DOMAIN', null),
'secure' => env('SESSION_SECURE_COOKIE', false),
'http_only' => true
I found the problem. I had this \Illuminate\Session\Middleware\AuthenticateSession::class in Kernel.php. I compared my project with new laravel 5.4 project and found that this is commented out by default. I did that and my problem is fixed now.
In my application I want to use session and cookies. On reading about session I came to know that in two ways I can implement session one is by session management and one is by using containers, using containers seems to be easy. I want to know which one is better or both are same and I am missing something. I want to use session and cookies both, can anyone have some source code or coding examples where session and cookies both have been used ? I don't know how to send the cookies to get the session values and how to use these values in my view files(js and phtml). Following is the code for session manager reffered from zend documentation:
return array(
'session' => array(
'config' => array(
'class' => 'Zend\Session\Config\SessionConfig',
'options' => array(
'name' => 'myapp',
),
),
'storage' => 'Zend\Session\Storage\SessionArrayStorage',
'validators' => array(
'Zend\Session\Validator\RemoteAddr',
'Zend\Session\Validator\HttpUserAgent',
),
),
);
Do I need to place this code in my application.config.php file?
Session Container used for working with session DATA.
Session Manager used for work with session LOGIC (e.g. start/close).
Do I need to place this code in my application.config.php file?
Yes, in ZF2 docs wroted:
The following illustrates how you may configure session manager by setting options in your local or global config:
I'm having an interesting issue with Laravel 5.
After logging in a user, the logged in status is not persisted across pages. Clearly it has something to do with Session::.
The way I'm logging in a user is pretty straight-forward:
if (Auth::attempt(['email' => $data['email'], 'password' => $data['password']],
isset($data['remember_me']) ? TRUE : FALSE))
{
return redirect()->intended('/');
}
A simple print_r(Session::all()); gives me the following if the user is NOT logged in:
Array
(
[_token] => wV8o75lZnCZ0f6CMMQgdBBM2AxSYjtWisAXx6TgZ
[flash] => Array
(
[old] => Array
(
)
[new] => Array
(
)
)
[_previous] => Array
(
[url] => http://localhost/public
)
)
After the user is logged in an redirected to / the array looks like this:
Array
(
[_token] => wV8o75lZnCZ0f6CMMQgdBBM2AxSYjtWisAXx6TgZ
[flash] => Array
(
[old] => Array
(
)
[new] => Array
(
)
)
[_previous] => Array
(
[url] => http://localhost/public/
)
[login_82e5d2c56bdd0811318f0cf078b78bfc] => 2
)
However, after any action that will lead to a page refresh or a redirect, the session status is lost.
My config/session.php file looks like so:
<?php
return [
'driver' => env('SESSION_DRIVER', 'file'),
'lifetime' => 120,
'expire_on_close' => false,
'encrypt' => false,
'files' => storage_path('framework/sessions'),
'connection' => null,
'table' => 'sessions',
'lottery' => [2, 100],
'cookie' => 'laravel_session',
'path' => '/',
'domain' => null,
'secure' => false,
];
The locally stored file for the session can be written and read.
I've tried using database drive instead of file. Same thing happens the [login_xx] => 2 key/value is lost and I'm logged out.
Since the Session:: is not completely reset I'm suspecting that I'm not logging in the user properly or simply doing something that I shouldn't be doing somewhere.
I faced similar issue, I simply called:
Session::save();
after any add/update/delete to Session storage. So it looked like:
$id = Input::get('id');
Session::forget('cart.' .$id);
Session::save();
I had the same issue. Once I removed the various combinations of dd() and print_r() I was using to dump responses for testing purposes and allowed the method to complete and fully render the view, the issue went away and sessions persisted.
I solved changing
'cookie' => 'laravel_session',
to
'cookie' => 'myapp_session',
according to laravel the name of the cookie affects every driver
I'm not familiar with Laravel, but on CodeIgniter I save user session in CI's Session Class and Laravel has one too.
I suggest to use the build-in session which is more persistent than default $_SESSION - probably it saves user data in database and on each page refresh/change the session is populated again from DB.
When user authenticates, just save its session data like this:
Session::put('userData', 'value');
...where value could be just a boolean value or an entire object that holds user specific data.
On each page load, get user data from session:
$user = Session::get('userData');
if($user->id) echo 'user is logged-in'; //or if($user) - depends on what you store in 'userData' key
else echo 'guest only privilegies';
EDIT:
I see that you use the Auth Class. My answer is mostly for manual login of the user and it works.
I think that the Auth Class should be doing this by default, but probably you're missing some configuration or there's a bug.
Here's a possible solution (Laravel 4, but it worths a try): http://laravel.io/forum/11-11-2014-authcheck-always-returning-false
Update:
As of this you should try to change the driver value from
'driver' => env('SESSION_DRIVER', 'file')
to
'driver' => 'file'
...also on Laravel's docs you can see that the driver has to be defined like that.
First, make sure you don't have some sort of a before filter, middleware, or route group that is causing them to be logged out. At least temporarily, search for any Auth::logout() and comment it out. I have seen this be the problem more than once.
Second, you look like you're doing this call correctly. The third parameter is $login : bool and it defaults to true. This is not your problem, but please change your TRUE and FALSE to true and false to meet with PSR-1/2 standards.
I would have advised that you try another driver, but you have done that and have the same result. This leads me to think that you have some sort of earlier code that is misdirecting to a logout().
You need to make sure of 2 things if you are using default laravel's file session which you can check if you are using in session.php file.
The session directory ie storage/framework/session/ is writable.
The routes for logging in maybe (/login) and for checking authentication (maybe /dashboard) are all within the group web
ie.
Route::group(['middleware' => ['web']], function () {
Route::get('/home/login', ['as' => 'login', 'uses' => 'HomeController#getLogin']);
Route::post('/home/login', ['as' => 'login', 'uses' => 'HomeController#postLogin']);
Route::get('/home/dashboard', ['as' => 'home', 'uses' => 'HomeController#getDashboard']);
}
This worked for me in Laravel 5.
I had this problem to and i solve this way.
After Auth::attemp or Auth::login() dont use echo, var_dump or dd() i dont know why but those prevent to keep the session in the browser.
And now is working
public function testLogin(Request $request, $id){
$user = Account::find($id);
Auth::login($user);
}
Don't forget to save like session()->save() or Session::save()
I have faced the same issues after the user logged in the session is not persistent.
So i found the solution for this.
just change one line in config/session.php file
Change in this code
'cookie' => env(
'SESSION_COOKIE',
Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
)
To:
'cookie' => env(
'local_cookies',
Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
),
then clear the caches. it will fix the issue :)
correctedHum... Ensure your machine is setted with good date and hour, and equally the other machines on the network who working with.
For exemple in Debian system:
In the command prompt, hit date (you will see the date), if it's not correct follow these instructions:
apt-get install ntp
service ntp start
date (normally the date and hour are corrected)
Use "cookie" driver instead of "file" of session.php (config\session.php\driver). I had a problem with login using "Auth::loginUsingId()" api instead of "Auth::attempt()" api, it destroyed the session for another request.
Make sure that the target route also uses the middleware StartSession.
In my "fresh" installation of Laravel 5.2 the "web" middleware group uses it, but the root path (/), which also happens to be the default $redirectTo after login, was outside of it. Huge loss of time.
I had a similar problem and I have fixed it by changing the Session Driver from
SESSION_DRIVER=database
to
SESSION_DRIVER=file
In my case I had to change the domain setting in the app/config/sessions.php file. I had a different domain written there instead of the one that I was using and naturally it didn't work. Though I don't understand why the framework went ahead and created the session files each time I was reloading the page.
I had the same issue, but it has been fixed now.
It's because of the conflict between sessions in your machine and in your localhost domain. To solve the problem:
First of all check your config/session.php file and check this:
'domain' => null,
after that clear your cookies:
on Firefox, right click -> view page info -> Security -> View Cookies -> Remove all
i had the same problem in laravel 5.4, the solution for me was:
In the file /app/Http/Kernel.php, was commented middleware AuthenticateSession by default.
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
//\Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
'throttle:60,1',
'bindings',
],
];
Only uncommented this line and the session work fine in all routes
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
'throttle:60,1',
'bindings',
],
];
If you are using loginUsingId() method you should set 'remember' flag to true.
So, instead of doing:
loginUsingId(1);
You should do
loginUsingId(1, true);
See docs
You might wanna check public/index.php, see if there are codes before the Laravel codes. After I remove those codes, I can login just fine.
<?php
echo 'hello';
?>
<?php
/**
* Laravel - A PHP Framework For Web Artisans
*
* #package Laravel
* #author Taylor Otwell <taylor#laravel.com>
*/
I seems, someone "messed" with my sites, and index.php is the main target for malicious codes
Just add session start and authenticate middleware to global middleware in kernel.php file
just check then cookie allow false
'secure' => env('SESSION_SECURE_COOKIE', false)
In my case I put it as true insted of true, then I changed its into
false
I am faced this problem when dealing with the oracle database, and by searching and debugging it is solving by change the protected $primaryKey = "name in lowercase"
public $incrementing = false;
I wrote an API using Yii2 and following the REST guide. My API is working and I want to write some tests for it, so I once again followed the guide on how to run tests and got unit tests working. I then looked around Codeception documentation about testing WebServices and got this working too.
My problem is that API calls are not using my test database. I have two databases, one called db and the other testdb. Here is my config.php file in tests/codeception/config/:
return [
'components' => [
'db' => [
'dsn' => 'mysql:host=localhost;port=8889;dbname=testdb;unix_socket=/Applications/MAMP/tmp/mysql/mysql.sock',
],
'mailer' => [
'useFileTransport' => true,
],
'urlManager' => [
'showScriptName' => true,
],
],
];
I wrote a simple test that send a GET request to an endpoint to retrieve data. My test database is empty so I am expecting to receive an empty response, but I get the content of my other database instead.
I then tried to set YII_ENV to test as described in the Environment Constant section here so that I could test against the env variable YII_ENV_TEST and change the db configuration accordingly. I tried to set this variable in the _bootstrap.php file in the tests/codeception/ folder:
defined('YII_ENV') or define('YII_ENV', 'test');
I then logged the value of YII_ENV in the web/index.php file (index-test.php is not called, might be a problem too), and it is undefined.
What am I doing wrong? I tried including the Yii2 module in my api.suite.yml file but requests don't have return code anymore if I do that, it returns N/A. Is there another way to change which database Yii should use?
You can make an test_config.php file and at the end of the config place this
if (file_exists('protected/config/test_config.php'))
{
include 'test_config.php';
}
the file will be included if it exists. And the file test_config.php should contain the overwritten value for the db connection.
Hope this helps!
Keep on coding!
Ares.
Well I found a "solution" by using this other app template: https://github.com/githubjeka/yii2-rest
The file organization fits my needs better and I can easily configure which database to use.