My Website is for internal purpose, I have checked in all request if user session is there or not. but it get expire if user is idle,
I have set session like.
$time = 18000;
$config = new \Zend\Session\Config\StandardConfig();
$config->setGcMaxlifetime($time);
$config->setGcDivisor(100);
$config->setGcProbability(1);
$config->setRememberMeSeconds($time);
$sessionManager = new \Zend\Session\SessionManager($config);
$sessionManager->rememberMe($time);
but also it is expire in some minutes, pls help me to solve this.
I have spend lots of time in googling, but doesn't find any solution.
In principle, I avoid using cookie.
I use ZF1 and here is my setup:
In your example, the terms are the same and I'm sure you can adapt:
Add repertory for save your session (see APPLICATION_PATH . '/../tmp' in the code)
// Production
'session' => array( 'use_cookies' => true,
'use_only_cookies' => true,
'use_trans_sid' => false,
'strict' => false,
'remember_me_seconds' => 0,
'name' => 'MyNameSessionSession',
'gc_divisor' => 1000,
'gc_maxlifetime' => 600,
'gc_probability' => 1,
//'save_path' => APPLICATION_PATH . '/../tmp', // Not for production
),
// For Dev (Session No Limit)
$appli['resources']['session']['remember_me_seconds'] = 0;
$appli['resources']['session']['gc_divisor'] = 10;
$appli['resources']['session']['gc_maxlifetime'] = 8600;
$appli['resources']['session']['gc_probability'] = 1;
$appli['resources']['session']['save_path'] = APPLICATION_PATH . '/../tmp';
I hope it will help you, otherwise I'm sorry, i could'nt help you
Good luck :)
Related
I am writing and application in Slim Framework v3.1. I am a lot confused on how to correctly set and get the cookies using Slim's methods.
I need your help in understanding what is the right way to read and write cookies with encryption enabled.
I also need to know how to enable encryption and decryption for the same.
Currently my $app is initialised this way -
$settings = require __DIR__ . '/../src/settings.php';
$app = new \Slim\App($settings);
My settings.php looks like below -
return [
'settings' => [
'displayErrorDetails' => true, // set to false in production
'addContentLengthHeader' => false, // Allow the web server to send the content-length header
// Renderer settings
'renderer' => [
'template_path' => __DIR__ . '/../templates/',
],
// Cookies Encryption
'cookies.encrypt' => true,
'cookies.secret_key' => '53cr3t',
'cookies.cipher' => OPENSSL_CIPHER_AES_256_CBC,
'cookies.cipher_mode' => MCRYPT_MODE_CBC,
],
];
I want a "remember-me" cookie for my login form and get it work until I reopen the browser. I am using the Zend Framework 2 to get it done.
I set up a form with a checkbox and have this in my controller after validating the form:
$userSession = new Container("test");
$sessionManager = $userSession->getManager();
$sessionManager->rememberMe(1209600);
$sessionManager->start();
In the module.config.php I have the following settings for the session:
'session' => array(
'name' => 'Test_SESSION',
'save_path' => realpath('C:\xampp\htdocs\Workspace\test\data\session'),
'remember_me_seconds' => 1209600,
'cookie_lifetime' => 1209600,
'use_cookies' => true,
'cookie_httponly' => true,
),
And finally in module.php:
$session = new SessionConfig();
$session->setOptions($this->serviceLocator->get("config")["session"]);
I searched through the web for any advises and tried something, but at least when I close the browser the cookie is deleted. Firefox settings of deleting cookies were checked also, so they won't be automatically deleted. Does any one has a successful solution or hint?
Edit: When I take the code of newtake and add $sessionManager->rememberMe(); to it, the session is still alive after closing browser, but I can't login anymore even the login process is successfully done. Anyone heard from this curiosity?
Need setup SessionConfig to SessionManager. It is my config
'service_manager' => array(
'factories' => array(
'Zend\Session\SessionManager' => function ($sm) {
$sessionConfig = new \Zend\Session\Config\SessionConfig();
$sessionConfig->setOptions([
'use_cookies' => true,
'gc_maxlifetime' => 1728000,
'cookie_lifetime' => 1728000,
'name' => 'COOKIE_NAME',
]);
$sessionManager = new \Zend\Session\SessionManager($sessionConfig);
$sessionManager->start();
return $sessionManager;
}
)
)
Working with the Yii framework in the config-file session storaged is handled as follows:
'session' => array(
//'sessionName' => 'SomeSession',
'class' => 'CDbHttpSession',
'connectionID' => 'SomeConnection',
'autoCreateSessionTable' => false,
'sessionTableName' => 'SomeTable',
'autoStart' => 'false',
'cookieMode' => 'only',
'useTransparentSessionID' => false,
'timeout' => CSESSIONTIMEOUT,
'cookieParams' => array(
'path' => '/',
'domain' => '.somedomain.extension',
'expire' => time()+5256000,
'lifetime' => time()+5256000,
//'httpOnly' => true,
),
),
So as you see sessions are stored in a table in a database with a given lifetime. But if I check the stored sessions in the database they are not stored with the given lifetime they are stored with a lifetime of a year.
The only thing I can find in our application that has a lifetime of a year are the cookies. For example like this:
setcookie("cookie_name", $someValue, time()+31536000, "/", "somedomain");
What is confusing for me are the cookies in our application. Could it be possible that this overrides the Yii session storage config?
UPDATE
I also came across this line of code
$_SESSION['POLL_'.$idPoll.'somekey'] = strtotime("now");
And that line of code inserted a session record in the database. But that record also has an lifetime of a year. How is this possible?
You need to add timeout param to config like this:
'session' => array(
'class' => 'CDbHttpSession',
'timeout' => 5256000,
// ...
Try Cookies Like this : -
if (isset($_POST['remember'])) {
$cookieUsername = new CHttpCookie('phoenix_admin_username', $_POST['LoginForm']['username']);
$cookiePassword = new CHttpCookie('phoenix_admin_password', base64_encode($_POST['LoginForm']['password']));
$cookieUsername->expire = time() + 604800;
$cookiePassword->expire = time() + 604800;
Yii::app()->request->cookies['phoenix_admin_username'] = $cookieUsername;
Yii::app()->request->cookies['phoenix_admin_password'] = $cookiePassword;
}
////////////Check like this//////////////
if(isset(Yii::app()->request->cookies['phoenix_admin_username'])){
$model->username = Yii::app()->request->cookies['phoenix_admin_username']->value;
$model->password = base64_decode(Yii::app()->request->cookies['phoenix_admin_password']->value);
}else{
$model->username = "";
$model->password = "";
}
I use this library : Oauth2 PHP
I can't find the setting to change the expiration time, I tried:
new OAuth2\Server($this->_mem, array('use_jwt_access_tokens' => true, 'access_token_lifetime' => 2419200));
But the lifetime of the token is always 3600. What's the right setting?
Edit: As suggested, I tried to use refresh token
new OAuth2\Server($this->_mem, array('use_jwt_access_tokens' => true, 'always_issue_new_refresh_token' => true));
The client_credential grant type + JWT bearer works but I never get a refresh token (only access token). Even upon token verification, I never get a refresh token.
Edit: Since the refresh doesn't work for me, as suggested I tried to set the token expiration time doing
new OAuth2\Server($this->_mem, array('use_jwt_access_tokens' => true, 'access_lifetime' => 12000));
The response upon client credential still returns a short token
{ ["access_token"]=> string(648) "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpZCI6ImU0NjE0MzdhMjY2YjFkNWY0OWU5MDY5MjQwODg5NjU0MDI2ZGRmODAiLCJpc3MiOiIiLCJhdWQiOiI4OWM2MjRmNTNiYTVmOTM3NjFmZWFhNmU1MGI1ZDk1NGQ4ZGRjMTIxIiwic3ViIjpudWxsLCJleHAiOjE0MzQ0NjI2NDIsImlhdCI6MTQzNDQ1OTA0MiwidG9rZW5fdHlwZSI6ImJlYXJlciIsInNjb3BlIjoicHVibGljIHJlYWRfbmV3cyJ9.Mk_KyUk_8yPnq9eEjvgVOJXBOkQSifAPbEaUvY4X9WvfmImPnC7PJx_99ODpiJR_gMLhZ3gBl1gQEJ2z6xUZ83dntCYzGWumkVLNpJG8omuVkmZqNnbLYYXl-vzmGOblceeDrKw_lrXc4rb72BeFaMeZWwFV7YMrgA0LOsYyZmAiDblcbHtpPGpUd2EC3y7VxLnyA8u07eY4aswOHwClPlDwHX_HwfMUmDLWkoTcrRf1AvKn-cnj41eL0SU9AJHWab8AOK7lxDsaqnits5pXj--cG9hr8pWOsFPQ2D9qYOsMvbEOi4zDJEdaIp-qvzn6N5Wrm5GxdbU1AqwvM531hQ" ["expires_in"]=> int(3600) ["token_type"]=> string(6) "bearer" ["scope"]=> string(16) "public" }
It appears it was a cache issue, the token is now set to the proper expiration length/time
You can change the access_token lifetime using the access_lifetime OAuth2\Server config parameter from examining the code.
The access_lifetime config parameter is used in creating the token in OAuth2\ResponseType\JwtAccessToken line 63:
$expires = time() + $this->config['access_lifetime'];
This can be set when instantiating the server which takes the following config parameters as listed in OAuth2\Server lines 109 - 126.
// merge all config values. These get passed to our controller objects
$this->config = array_merge(array(
'use_jwt_access_tokens' => false,
'store_encrypted_token_string' => true,
'use_openid_connect' => false,
'id_lifetime' => 3600,
'access_lifetime' => 3600,
'www_realm' => 'Service',
'token_param_name' => 'access_token',
'token_bearer_header_name' => 'Bearer',
'enforce_state' => true,
'require_exact_redirect_uri' => true,
'allow_implicit' => false,
'allow_credentials_in_request_body' => true,
'allow_public_clients' => true,
'always_issue_new_refresh_token' => false,
'unset_refresh_token_after_use' => true,
), $config);
There is also support for refresh tokens according to the code for Server.php and JwtAccessToken.php.
In server.php (where you are passing grant type and client credentials)
$config = array(
'access_lifetime' => 86400
);
$server = new OAuth2\Server($storage, $config);
source: https://github.com/bshaffer/oauth2-server-php/issues/699
I am trying to set the max life time of a session with the \Zend\Session\Container. To test it I put it to 1 sec.
Now I looked at the docs
So i did
$config = new StandardConfig();
$config->setOptions(array(
'remember_me_seconds' => 1,
));
$manager = new SessionManager($config);
$session = new Container('user', $manager);
But no success. Then I started googling and found this answer
So I made the config to
return array(
'session' => array(
'remember_me_seconds' => 2419200,
'use_cookies' => true,
'cookie_httponly' => true,
),
);
(the config worked and was loaded into the manager) but again no success
So I continued searching and found this answer
But again no success.
So after all the searching I couldn't get it working, so now I hope some one else got it working and can help me.
Well I finaly found out what the issue was.
The problem was that I used
$sessionConfig = new SessionConfig();
$sessionConfig->setOptions(array(
'use_cookies' => true,
'cookie_httponly' => true,
'gc_maxlifetime' => $config['authTimeout'],
));
$manager = new SessionManager($sessionConfig);
This "worked" the only issue was that there was set a cookie with the lifetime session. This ment different things in browsers. Ie in chrome it is destroyed if you close the tab, so no matter how high the gc_maxlifetime it would not work.
So an easy fix would be the following
$sessionConfig = new SessionConfig();
$sessionConfig->setOptions(array(
'use_cookies' => true,
'cookie_httponly' => true,
'gc_maxlifetime' => $config['authTimeout'],
'cookie_lifetime' => $config['authTimeout'],
));
$manager = new SessionManager($sessionConfig);
Hope it would help some one in the futue
$config['authTimeout'] is a positive integer value
$config = new StandardConfig();
$config->setOptions(array(
'cookie_lifetime' => '2419200',
'gc_maxlifetime' => '2419200'
));
Change the value of 2419200 to how many seconds you actually want.
In application global.php or you can do it in module config:
'session_config' => array(
'name' => 'your session name',
'remember_me_seconds' => 60 * 60 * 24 * 30*3,
'use_cookies' => true,
'cookie_httponly' => true,
),
check Zend\Session\Service\SessionConfig.