Auto logout in yii - php

How do I log a user out automatically after some minutes if the user is idle?
I am using the Yii framework.
I can set the logout time under the user component in main.php,
but the question is: how do I check whether the user is idle?

if(isset(Yii::app()->request->cookies['lastpageview']) && (time()-(int)Yii::app()->request->cookies['lastpageview']->value > 3600))
{
    //logout
}
else
{
    Yii::app()->request->cookies['lastpageview'] = new CHttpCookie('lastpageview', time());
}
where 3600 is the max number of seconds allowed
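
The lastpageview cookie in the snippet above is supplied by the browser, so the server ends up trusting a client-controlled timestamp; keeping the last-activity time in session data avoids that. The following plain-PHP sketch is an added example, not part of the original answer. The function name, the session keys and the /site/login route are assumptions, and the login code is assumed to store both user_id and last_activity.

```php
<?php
// Added example, not from the original answers. enforceIdleTimeout(), the
// 'user_id' key and the 'last_activity' key are hypothetical names.

const IDLE_LIMIT = 3600; // seconds, the same limit as the cookie check above

/**
 * Server-side idle check. Returns true and refreshes the timestamp while the
 * session is active; returns false and empties the session once it is idle.
 */
function enforceIdleTimeout(array &$session, int $now, int $limit = IDLE_LIMIT): bool
{
    if (!isset($session['user_id'])) {
        return true;                       // guest: nothing to expire
    }
    $last = $session['last_activity'] ?? null;
    // A logged-in session without a valid timestamp is treated as expired.
    if (!is_int($last) || $now - $last > $limit) {
        $session = [];                     // drop identity and all session data
        return false;
    }
    $session['last_activity'] = $now;      // sliding window: reset on each request
    return true;
}

if (PHP_SAPI !== 'cli') {
    // Web request: run before any output is sent.
    session_start();
    if (!enforceIdleTimeout($_SESSION, time())) {
        session_regenerate_id(true);       // retire the old session id as well
        header('Location: /site/login');   // assumed login route
        exit;
    }
} else {
    // Command-line demo with constructed timestamps.
    $login   = 1700000000;
    $session = ['user_id' => 42, 'last_activity' => $login];
    var_dump(enforceIdleTimeout($session, $login + 1800));        // 30 min later
    var_dump(enforceIdleTimeout($session, $login + 1800 + 3601)); // idle past limit
    var_dump($session);                                           // state afterwards
}
```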

For Yii 1.xx, CWebUser has the property authTimeout.
From the official documentation:
authTimeout - timeout in seconds after which user is logged out if
inactive.
Set this property in the main config:
...
'components' => array(
    ....
    'user' => array(
        'authTimeout' => 60*60*5,
    ),
    ....
),
...

You can use CDbHttpSession component to make it work:
'components' => array(
    'session' => array(
        'class' => 'CDbHttpSession',
        'timeout' => 1,
    ),
),

'user' => [
    'identityClass' => 'app\models\User',
    //'enableAutoLogin' => true,
    'enableSession' => true,
    'authTimeout' => 900,
],
It's working fine for me! (Yii 2.0)
The session times out after 15 minutes; if a request comes in after 15 minutes, it is automatically redirected to the site/login page.

Related

Yii2 stop user being logged out when browser is closed

I am having some issues with users being logged out when they close the browser. I tried to set enableAutoLogin to true, but then the user never seems to get logged out, even when setting authTimeout and absoluteAuthTimeout. Does anyone know how to make it so it doesn't log them out when they close the browser but logs them out after 10 hours?
'user' => [
    'class' => \common\models\WebUser::class,
    'identityClass' => 'common\models\User',
    'authTimeout' => 36000,
    //'enableAutoLogin' => true,
    'absoluteAuthTimeout' => 36000,
    'enableSession' => true,
],
'session' => [
    'class' => 'yii\web\Session',
    'timeout' => 36000, // 10 hours
    'useCookies' => true,
],
For anyone else who has this issue, the solution when enableAutoLogin is true is to set the duration, which is the second parameter when calling the login function:
public function login()
{
    if ($this->validate())
    {
        return Yii::$app->user->login($this->getUser(), 36000);
    }
    return false;
}

How to redirect "Access denied" to login page in Silex

This is my firewall code
$app['security.firewalls']=[
    'secured'=>[
        'pattern' => '/',
        'anonymous' => true,
        'http'=>true,
        'form' => array('login_path' => '/login', 'check_path' => '/secured/login_check'),
        'logout' => array('logout_path' => '/secured/logout', 'invalidate_session' => true),
        'users'=>$users
    ]
];
$app['security.access_rules']=[
    ["^/admin", "ROLE_ADMIN"]
];
When users access the admin page without the admin role, how do I redirect them to the login page?
I have tested with no access rules in the admin controller code:
if($app['security.authorization_checker']->isGranted('ROLE_ADMIN')){
    // ...
    // ...
    // ...
}
else return $app->redirect($app->url('login'));
But the problem when I use this method is that it will redirect to the homepage instead of the previous page. How can I make the login page redirect to the previous page instead of the homepage after a successful login check?
Try to add always_use_default_target_path and use_referer parameters to security config:
$app['security.firewalls']=[
    'secured'=>[
        ...
        'form' => array(
            'login_path' => '/login',
            'check_path' => '/secured/login_check',
            'always_use_default_target_path' => false,
            'use_referer' => true
        ),
        ...
    ]
];
Why do you use 2 entry points for login? http and form?

Zend Framework 2 CSRF validation

I have an application based on Zend Framework 2. I have a form with a CSRF field. If I fill in the form and submit it after around 5 minutes, it gives me the validation error "The form submitted did not originate from the expected site".
So I assumed it might be some issue with the session configuration. Then I added options to SessionConfig in module.config.php as follows:
'session' => array(
    'remember_me_seconds' => 2419200,
    'use_cookies' => true,
    'cookie_httponly' => true,
    'cookie_lifetime' => '2419200',
    'gc_maxlifetime' => '2419200'
),
But the problem still exists. Do you know how to fix this issue?
--Update--
My form class contains the CSRF element as follows,
$this->add(array(
    'type' => 'Zend\Form\Element\Csrf',
    'name' => 'security',
    'options' => array(
        'csrf_options' => array(
            'timeout' => 20000
        )
    )
));
None of these seems to work.
The Csrf system under Zend Framework configures the session duration from the parameter stored in the configuration of the Csrf element under the timeout key, as shown in the following example:
$form->add([
    'type' => Element\Csrf::class,
    'name' => 'csrf',
    'options' => [
        'csrf_options' => [
            'timeout' => 600,
        ],
    ],
]);
Put the session config under the config key, as shown in the following example:
'session' => [
    'config' => [
        'class' => Zend\Session\Config\SessionConfig::class,
        'options' => [
            'name' => 'SID',
            'use_cookies' => true,
            'cookie_httponly' => true,
            'remember_me_seconds' => 2419200,
        ],
    ],
]

Session timeout not working in Cakephp 2

I need to define a very large session time on a CakePHP 2 application due to a business need. I defined it in the core.php file as follows:
Configure::write('Session', array(
    'defaults' => 'php', //defaults => php
    'cookie' => 'cookie',
    'timeout' => 4320 // 3 days
));
I made a test, and after around two hours of inactivity my session is closed; every time I click a button I get sent back to the logon screen. How can I effectively control my session time?
Use this; it may work. It is working for me.
core.php
Configure::write('Session', array(
    'defaults' => 'php',
    'timeout' => 259200,
    'ini' => array(
        'session.gc_maxlifetime' => 259200 // 3 days
    )
));

how to access CakePHP session from another PHP script?

I am trying to implement a "Single Sign On (SSO)" between my CakePHP script and my wordpress blog. I researched online for it and found some questions such as
Access cakephp session (auth) from outside cakephp
and
Accessing cakephp session variable from a php script?
To do a quick test I then created a test php file in my webroot directory of my CakePHP with below code
<?php
session_name('NMCORE');
session_start();
print_r($_SESSION);
?>
NMCORE is my session name. It's not the default CAKEPHP. I also confirmed it by putting debug(session_name()); in my controller. But the above code returns a blank array. I'm not sure why it's not working. I need your help to figure it out.
The configuration for my Session in my CakePHP's core.php file is
Configure::write('Session', array(
    'defaults' => 'cake',
    'cookie' => 'NMCORE',
    'timeout' => 43200, //30 days
    'autoRegenerate' => true,
    'checkAgent' => true
));
Does anybody have an idea on why this is not working?
I figured that out. I'm using 'defaults' => 'cake' in my
Configure::write('Session', array(
    'defaults' => 'cake',
    'cookie' => 'NMCORE',
    'timeout' => 43200, //30 days
    'autoRegenerate' => true,
    'checkAgent' => true
));
When I changed it to 'php' then it worked.
Configure::write('Session', array(
    'defaults' => 'php',
    'cookie' => 'NMCORE',
    'timeout' => 43200, //30 days
    'autoRegenerate' => true,
    'checkAgent' => true
));
