Jump to content
helmut2509

$config->sessionExpireSeconds does not work

Recommended Posts

In my PW-Application there is currently no session timeout.

I want to set the user session to 60 minutes which means that after 60 minutes of inactivity the user will be redirected to the homepage.

so I added the following entry to my config.php:

$config->sessionExpireSeconds = 120;

(120 seconds is just for testing).

But after five minutes of inactivity I am still logged in, there is no redirection.

Is there anything wrong or did I miss something?

In php.ini I have the entry:

session.cookie_lifetime = 3600

Share this post


Link to post
Share on other sites

Just curious, could you post your code where you are redirecting based on the session? It might help with answers to see the whole picture.

Share this post


Link to post
Share on other sites

Have you cleared all previous cookies and session files? Just to make sure there aren't any "old habits".

  • Like 1

Share this post


Link to post
Share on other sites
11 hours ago, louisstephens said:

Just curious, could you post your code where you are redirecting based on the session? It might help with answers to see the whole picture.

if(!session()->isLoggedin)
   session()->redirect(config()->loginUrl);

Share this post


Link to post
Share on other sites
  1. I added $config->sessionExpireSeconds = 120; to my config.php
  2. deleted all cookies and sessions (/site/assets/sessions/)
  3. opened a private window and logged in
  4. waited 2+ minutes
  5. clicked a link and was redirected to the login page

It works in the backend.

How and why there might be a difference in an application or frontend... I don't know. 

Maybe caching, maybing something that keeps the session alive.

Another thing is session()->isLoggedin where did you find that? All I know is $user->isLoggedin().

Maybe you could try:

if(!$user()->isLoggedin)
   session()->redirect(config()->loginUrl);

 

  • Like 1

Share this post


Link to post
Share on other sites
11 hours ago, wbmnfktr said:
  1. I added $config->sessionExpireSeconds = 120; to my config.php
  2. deleted all cookies and sessions (/site/assets/sessions/)
  3. opened a private window and logged in
  4. waited 2+ minutes
  5. clicked a link and was redirected to the login page

It works in the backend.

How and why there might be a difference in an application or frontend... I don't know. 

Maybe caching, maybing something that keeps the session alive.

Another thing is session()->isLoggedin where did you find that? All I know is $user->isLoggedin().

Maybe you could try:


if(!$user()->isLoggedin)
   session()->redirect(config()->loginUrl);

session()->isLoggedin is just a custom variable filled with 'true' after successfull login.

I found out that the session is not being saved in /site/assets/sessions/ but in the sessions table of the processwire database.

But strangely entries are only made at logout, never at login. Even after adding the $session()->login() command nothing changed.

 

 

 

Share this post


Link to post
Share on other sites
12 hours ago, helmut2509 said:

session()->isLoggedin is just a custom variable filled with 'true' after successfull login.

Try the $user->isLoggedin() option.

12 hours ago, helmut2509 said:

I found out that the session is not being saved in /site/assets/sessions/ but in the sessions table of the processwire database.

But strangely entries are only made at logout, never at login. Even after adding the $session()->login() command nothing changed.

I don't know enough about session handling in ProcessWire and why this is the way it works in your setup.

Which version of ProcessWire are you running? Are there any other broader modifications/custom codes for session or user handling?

Did you install any session related modules that may interfere here?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By derelektrischemoench
      Hi guys,
      I'm facing a somewhat strange issue here which I can't quite wrap my head around. 
      I have a PW site in development which runs on three machines simultaneously, one staging server which is accessible as a preview instance for my customer, my PC and my laptop. 
      I have three completely identical settings on each of the three machines (same apache version, same php version, same codebase, same database); however on my PC I am unable to log into the backend. I get no error message or anything, when I try to login; i just get redirected to the login  page. I have already enabled database driven sessions (I enabled them on my laptop, then I dumped the database and copied it to my pc); I have cleared the cache directory; I cleared the sessions in the database; I cleared my browser caches, I tried different browsers, all to no avail; I am unable to login when using my pc, the instances all have the same .htaccess.
      Is there something I'm missing here or does anyone have a clue as to what my issue here might be? I'm using processwire 3.0.123
      Thanks for any input, greetings
      derelektrischemoench
       
      //edit: I've noticed something interesting; despite the directories of my web folders being the same layout; when I open the admin page i get a 404 on the processwire/ resource in the networks panel of chrome; on my laptop I get a  200.... I guess this is where my problem is; but why?
       
       
    • By derelektrischemoench
      Hi guys,
      I'm facing a somewhat strange issue here which I can't quite wrap my head around. 
      I have a PW site in development which runs on three machines simultaneously, one staging server which is accessible as a preview instance for my customer, my PC and my laptop. 
      I have three completely identical settings on each of the three machines (same apache version, same php version, same codebase, same database); however on my PC I am unable to log into the backend. I get no error message or anything, when I try to login; i just get redirected to the login  page. I have already enabled database driven sessions (I enabled them on my laptop, then I dumped the database and copied it to my pc); I have cleared the cache directory; I cleared the sessions in the database; I cleared my browser caches, I tried different browsers, all to no avail; I am unable to login when using my pc, the instances all have the same .htaccess.
      Is there something I'm missing here or does anyone have a clue as to what my issue here might be? I'm using processwire 3.0.123
      Thanks for any input, greetings
      derelektrischemoench
       
       
    • By Peter Knight
      How do you guys handle large session tables when sessions are being recorded to the database?
      I notice one of my sites has a session table of over 14MB 
      Am I missing a way in the Admin or a module to auto-remove any sessions older than X days?
      Thanks
       
    • By celfred
      Hello,
      I'm facing a weird issue here. I have a page loaded with this code inside (my comments in line ends) :

      if ($session->allPlayers) { // Set in a head.inc file. I have also a $session->set('allTeams', $allTeams); in my head.inc   $allPlayers = $session->allPlayers; } else {   $allPlayers = getAllPlayers($user, false);   $session->set('allPlayers', $allPlayers); } bd($session->getAll()); // HERE, I get a number of 11 variables which is what I expect In the same page, I have a link pointing to ajaxContent.php that loads stuff via Ajax.
      I just write this in my ajaxContent.php to test :

      bd($session->getAll()); // HERE, I get only 9 variables. All my newly set $session variables ($allTeams and $allPlayers) are not conveyed to ajaxContent.php ??? Would you have any idea why is that ??? Another thing : I have a $session->headMenu set in my head.inc, and this one works fine. I can retrieve it in my ajaxContent.php page.
      I've tried cleaning all caches but it doesn't change anything 😞 
      At first, I expected it to be a 15-minute update to my site... It turns out to be a 2-hour issue and I'm still  stuck.
      Thanks for your ideas ! 
    • By Peter Knight
      I have a demo site which I moved to a new VPS for client testing
      We noticed that leaving a page open and then revisiting the site can result in a 25 second(ish) to load time and will then throw a 500 Error.
      The hosting guys had a look and confirmed that the server is fine but the issue could be related to authentication or sessions.
      We are running Page Protector and ProCache so I wondered if there were any known bugs here and any recommended actions.
      My actual PW log doesn't show anything but the server log has plenty of these
       
      2018-12-06 08:14:00 Error xxx.141.1x.101 500 POST /who-we-are/ HTTP/1.0     1.58 K Apache access 2018-12-06 08:14:45 Warning xxx.141.1x.131   mod_fcgid: read data timeout in 45 seconds, referer: http://demo.abc.not/who-we-are/       Apache error 2018-12-06 08:14:45 Error xxx.141.1x.131   End of script output before headers: index.php, referer: http://demo.abc.not/who-we-are/       Apache error 2018-12-06 09:03:18 Error xxx.141.1x.131   2614#0: *667 recv() failed (104: Connection reset by peer) while reading response header from upstream       nginx error Thanks
      P
×
×
  • Create New...