Jump to content

$config->sessionExpireSeconds does not work

helmut2509

By helmut2509,
in General Support

 Share

Recommended Posts

helmut2509 Sr. Member

helmut2509

Posted
Posted

In my PW-Application there is currently no session timeout.

I want to set the user session to 60 minutes which means that after 60 minutes of inactivity the user will be redirected to the homepage.

so I added the following entry to my config.php: 

$config->sessionExpireSeconds = 120;

(120 seconds is just for testing).

But after five minutes of inactivity I am still logged in, there is no redirection.

Is there anything wrong or did I miss something?

In php.ini I have the entry:

session.cookie_lifetime = 3600

Link to comment
Share on other sites
wbmnfktr Hero Member

wbmnfktr

Posted
Posted
  1. I added $config->sessionExpireSeconds = 120; to my config.php
  2. deleted all cookies and sessions (/site/assets/sessions/)
  3. opened a private window and logged in
  4. waited 2+ minutes
  5. clicked a link and was redirected to the login page

It works in the backend.

How and why there might be a difference in an application or frontend... I don't know. 

Maybe caching, maybing something that keeps the session alive.

Another thing is session()->isLoggedin where did you find that? All I know is $user->isLoggedin().

Maybe you could try: 

if(!$user()->isLoggedin)
   session()->redirect(config()->loginUrl);

 

  • Like 1
Link to comment
Share on other sites
helmut2509 Sr. Member

helmut2509

Posted
  • Author
Posted
11 hours ago, wbmnfktr said:
  1. I added $config->sessionExpireSeconds = 120; to my config.php
  2. deleted all cookies and sessions (/site/assets/sessions/)
  3. opened a private window and logged in
  4. waited 2+ minutes
  5. clicked a link and was redirected to the login page

It works in the backend.

How and why there might be a difference in an application or frontend... I don't know. 

Maybe caching, maybing something that keeps the session alive.

Another thing is session()->isLoggedin where did you find that? All I know is $user->isLoggedin().

Maybe you could try: 


if(!$user()->isLoggedin)
   session()->redirect(config()->loginUrl);

session()->isLoggedin is just a custom variable filled with 'true' after successfull login.

I found out that the session is not being saved in /site/assets/sessions/ but in the sessions table of the processwire database.

But strangely entries are only made at logout, never at login. Even after adding the $session()->login() command nothing changed.

 

 

 

Link to comment
Share on other sites
wbmnfktr Hero Member

wbmnfktr

Posted
Posted
12 hours ago, helmut2509 said:

session()->isLoggedin is just a custom variable filled with 'true' after successfull login.

Try the $user->isLoggedin() option.

12 hours ago, helmut2509 said:

I found out that the session is not being saved in /site/assets/sessions/ but in the sessions table of the processwire database.

But strangely entries are only made at logout, never at login. Even after adding the $session()->login() command nothing changed.

I don't know enough about session handling in ProcessWire and why this is the way it works in your setup.

Which version of ProcessWire are you running? Are there any other broader modifications/custom codes for session or user handling?

Did you install any session related modules that may interfere here?

Link to comment
Share on other sites
  • 4 years later...
Leftfield Full Member

Leftfield

Posted
Posted

Is it because I ate two cakes and ice cream yesterday that the cookies don't love me anymore? Or maybe it's something else entirely, like needing to clear the cache (I did, deleted cookies too)? This keeps logging me out after about 30 minutes, which is super annoying! Can you help? 

$config->sessionExpireSeconds = 432000;
Link to comment
Share on other sites
netcarver Hero Member

netcarver

Posted
Posted
On 12/4/2019 at 4:14 PM, helmut2509 said:

In php.ini I have the entry:

session.cookie_lifetime = 3600

@Leftfield Got to run now, but can you check what your session.cookie_lifetime setting is (just in case it's this for you?)

Link to comment
Share on other sites
Leftfield Full Member

Leftfield

Posted
Posted

@netcarverYes, it is for me (Thanks for helping me).

I tried with php.ini, but nothing. Set 10800, waited a bit and was logged out. :(

I see my cookie wires_challenge says: 2024-06-01T15:04:30.853Z but if was same as before asking question 

session.cookie_lifetime = 10800
Link to comment
Share on other sites
cwsoft Sr. Member

cwsoft

Posted
Posted

Just to check. There is no forgotten config-dev.php around with different settings? Have you cleared out all sessions and cookies via browser dev tools?

Link to comment
Share on other sites
adrian Hero Member

adrian

Posted
Posted

If you're running Debian, try adding this to your config.php 

/**
 * Enable Session Garbage Collection
 * Garbage Collection is disabled in Debian as default (probability set to zero)
 * Enable session garbage collection with a 1% chance of running on each session_start();
 * Chance calculated as gc_probability/gc_divisor
 * Session path is defined inside wire/core/Session.php and points to site/assets/sessions
 * Thanks to this modification session now takes into account gc_maxlifetime set in config
 */
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 100);

 

  • Thanks 2
Link to comment
Share on other sites
Leftfield Full Member

Leftfield

Posted
Posted

@cwsoftthanks for helping me!

2 hours ago, adrian said: 
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 100);


@adrian It's running on LiteSpeed, but I don't know what's underneath it. But hey, it is working like a charm.

  • Like 2
Link to comment
Share on other sites
adrian Hero Member

adrian

Posted
Posted

@ryan - I wonder if PW might automatically include those gc tweaks when Debian is detected? Maybe via something like this. Perhaps it could be run at install, rather than runtime if you're concerned about performance although it is only about 1ms.

image.thumb.png.9e8c142ed086562741a64655cb0638ca.png 

if (strtolower(substr(PHP_OS, 0, 5)) === 'linux') {
    $vars = array();
    $files = glob('/etc/*-release');
    foreach ($files as $file) {
        $lines = array_filter(array_map(function($line) {
            // split value from key
            $parts = explode('=', $line);
            // makes sure that "useless" lines are ignored (together with array_filter)
            if (count($parts) !== 2) return false;
            // remove quotes and new lines
            $parts[1] = str_replace(array('"', "'", "\n"), '', $parts[1]);
            return $parts;
        }, file($file)));

        foreach ($lines as $line) {
            $vars[$line[0]] = $line[1];
        }
    }
    d($vars['ID']);
}

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...