I am using CakePHP 2.x and I want to know how do I set session time out to 8hrs. Please note that session should not expire before 8hrs. I have used
Configure::write('Session.timeout', '480');
but session still expires after few minutes.
Can anyone tell how do I set session time out to 8hrs, so that it will expire exactly after 8hrs?
Reset the session cookie expiration date:
$this->Session->renew().
UPD: you can also do that by:
Configure::write('Session', array(
'timeout' => '480',
'autoRegenerate' => true
)
);
Related
Okay so I've created a login system using PHP Sessions which stores user-related data within $_SESSION while logged in. To reach a PHP $_SESSION / session cookie whose expiry gets extended by x seconds every time the client refreshes a page, I created the following callback, which I call upon every page initiation:
<?php
if ( session_status() === PHP_SESSION_NONE ) {
session_start(
[
'cookie_path' => '/',
'cookie_domain' => 'mydomain.com',
'cookie_secure' => true,
'cookie_httponly' => true,
'cookie_samesite' => 'Strict',
'use_strict_mode' => true,
'use_trans_sid' => false,
'use_only_cookies' => true
]
);
} else {
// If session already exists, simply take it up again without overwriting parameters
session_start();
}
// Then determine the lifetime of the cookie (was only able to make the session cookie
// lifetime expendable using this syntax, as explained in the [first example of the php docs](https://www.php.net/manual/de/function.session-set-cookie-params.php)
setcookie(
session_name(),
session_id(),
[
'expires' => time() + x,
'path' => '/',
'domain' => 'mydomain.com',
'secure' => true,
'httponly' => true,
'samesite' => 'Strict'
]
);
?>
The reason why I specify all the:
httponly
secure
cookie path
cookie domain
samesite
parameters upon the very first call of session_start() AND also in the call of setcookie() is because if I specify one of them in session_start() and not in setcookie() or vice-versa, the browser returns two session cookies with the same session IDs, one having all of the mentioned flags, and the other without:
Now the problem is that, when I logout via the following callback, which I call as specified in the docs:
<?php
// Called via PHP Form Submit
session_start();
setcookie(
session_name(),
'',
time() - 42000,
'/',
'mydomain.com',
true,
true
);
session_destroy();
header( 'Location: mydomain.com' );
?>
I get the same problem as described in the images above; two session cookies in my browser, and again one having all the flags set, the other not, and the one without the flags set having set its expiry to the session's end, and the other one with its expiry set in x seconds; all exactly as in the image.
What am I doing wrong?
UPDATE
Is it may better to actually set all of the session cookie parameters via the php.ini file, and handle the session cookie expiry via a timestamp within $_SESSION, done like in this example?? Just thinking of a way of making the provision of any parameters in session_start() + any calls to setcookie() obsolete..
So my question is basically:
What's actually the best way of using several PHP session cookie flags, combined with a session expiry which is limited to let's say 10 mins, which gets refreshed by 10 mins on every page load?
I'm using Yii 1.1.13 and despite the session timeout is set to 1 day (session.gc_maxlifetime = 86400 in php.ini) Yii logs out the user after ~24 mins. It doesn't even redirect to the login page, only when the user would navigate to another page.
I set these in the login function:
$duration = Yii::app()->getSession()->getTimeout();
Yii::app()->user->login($this->_identity,$duration);
(the Yii::app()->getSession()->getTimeout() call gives back the right time, that is 86400)
I also set the cookie lifetime to this value:
Yii::app()->request->cookies['PHPSESSID']->expire = Yii::app()->getSession()->getTimeout();
but the bug still appears.
Thank you in advance for your helping answers.
I needed to set this in my main.php:
'session' => array(
'timeout' => 86400,
'cookieParams' => array(
'lifetime' => 86400,
),
)
It keeps alive both the session and the cookie even if they are somehow given a lower value.
I am writing a cookie for auto login users.
It works almost flaw less. But when the Session times out the cookie gets deleted, although it's set for 30 days.
I can't understand why this is happening.
If I close the browser and reopen it, all are fine, but if I leave the browser open and let the Session time out the cookie gets deleted to.
Configure::write('Session', array(
'defaults' => 'php',
'cookie' => 'KPD',
'timeout' => 180,
'cookieTimeout' => 30 * 1440
));
UPDATE: I found the problem but I don't have a solution! The problem is that when I rewrite the Cookie nothing happens, even if I try to delete it, and rewrite it.
I have a cookie as an array User.remember = array('token' => TOKEN). When I try to rewrite the token, the cookie remains the same!
Maybe you are not defining the value (in number of minutes) of Session.cookieTimeout, you should define proper value for Session.cookieTimeout. If it is not defined it will use the same value as Session.timeout
I am trying to increase the session lifetime in cakephp app. I have a remember me checkbox in login page. When checking the checkbox, I need to extend session time to 1 hour more to current time and any action inside the app after login will need to extend session time to 1 hour more.
I have component file for login and all action will be entered in startup function.
I tried to extend the session.cookie(CakePHP's session cookie) lifetime, but it didn't works.
function startup(&$controller) {
/* First try */
setcookie(Configure::read('Session.cookie'),$_COOKIE[Configure::read('Session.cookie')], time() + 3600, "/"); // Configure::read('Session.cookie') is 'CAKEPHP'.
/* Second try */
ini_set('session.gc_maxlifetime', 3600);
/* Third try */
session_set_cookie_params(time() + 3600);
echo $this->Session->read('status').' session <br/>';
echo $_SESSION['test'];
}
But all of these doesn't keep the session after session.timeout(CakePHP's session timeout) time. The session status and test varaibles are created on login. It will be retrieved until session.timeout is not reached.
I am using cakephp v1.2.
keep this in your core.php file
Configure::write('Session', array(
'defaults' => 'cake',
'timeout' => 14400, // 4 hours
'cookieTimeout' => 14400, // 4 hours
'cookie' => 'Your Cookie Name',
)
);
It is not a good idea to keep very high session timeout. If your requirement is only to keep him logged for more time, then use some auto_login component like www.milesj.me/resources/script/auto-login
I have set cookie and set it to expire after sufficient seconds. Still as soon as my session expires the cookie also expires. This is my code :-
if(isset($_POST['KeepMesignedIn'])) {
$this->load->helper('cookie');
$cookie = array(
'name' => 'info',
'value' => $user->Username . '||' . $user->Password,
'expire' => time()+3600*24*30
);
set_cookie($cookie);
}
Can anybody identify the problem?
According to the CodeIgniter documentation, set_cookie expects expires to be the delta seconds that are added to the current time:
The expiration is set in seconds, which will be added to the current time. Do not include the time, but rather only the number of seconds from now that you wish the cookie to be valid. If the expiration is set to zero the cookie will only last as long as the browser is open.
check is this part of code executed in your app or not. You need to debug.