Jump to content

$config->sessionExpireSeconds does not work


helmut2509
 Share

Recommended Posts

In my PW-Application there is currently no session timeout.

I want to set the user session to 60 minutes which means that after 60 minutes of inactivity the user will be redirected to the homepage.

so I added the following entry to my config.php:

$config->sessionExpireSeconds = 120;

(120 seconds is just for testing).

But after five minutes of inactivity I am still logged in, there is no redirection.

Is there anything wrong or did I miss something?

In php.ini I have the entry:

session.cookie_lifetime = 3600

Link to comment
Share on other sites

  1. I added $config->sessionExpireSeconds = 120; to my config.php
  2. deleted all cookies and sessions (/site/assets/sessions/)
  3. opened a private window and logged in
  4. waited 2+ minutes
  5. clicked a link and was redirected to the login page

It works in the backend.

How and why there might be a difference in an application or frontend... I don't know. 

Maybe caching, maybing something that keeps the session alive.

Another thing is session()->isLoggedin where did you find that? All I know is $user->isLoggedin().

Maybe you could try:

if(!$user()->isLoggedin)
   session()->redirect(config()->loginUrl);

 

  • Like 1
Link to comment
Share on other sites

11 hours ago, wbmnfktr said:
  1. I added $config->sessionExpireSeconds = 120; to my config.php
  2. deleted all cookies and sessions (/site/assets/sessions/)
  3. opened a private window and logged in
  4. waited 2+ minutes
  5. clicked a link and was redirected to the login page

It works in the backend.

How and why there might be a difference in an application or frontend... I don't know. 

Maybe caching, maybing something that keeps the session alive.

Another thing is session()->isLoggedin where did you find that? All I know is $user->isLoggedin().

Maybe you could try:


if(!$user()->isLoggedin)
   session()->redirect(config()->loginUrl);

session()->isLoggedin is just a custom variable filled with 'true' after successfull login.

I found out that the session is not being saved in /site/assets/sessions/ but in the sessions table of the processwire database.

But strangely entries are only made at logout, never at login. Even after adding the $session()->login() command nothing changed.

 

 

 

Link to comment
Share on other sites

12 hours ago, helmut2509 said:

session()->isLoggedin is just a custom variable filled with 'true' after successfull login.

Try the $user->isLoggedin() option.

12 hours ago, helmut2509 said:

I found out that the session is not being saved in /site/assets/sessions/ but in the sessions table of the processwire database.

But strangely entries are only made at logout, never at login. Even after adding the $session()->login() command nothing changed.

I don't know enough about session handling in ProcessWire and why this is the way it works in your setup.

Which version of ProcessWire are you running? Are there any other broader modifications/custom codes for session or user handling?

Did you install any session related modules that may interfere here?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Similar Content

    • By theoretic
      Hi guys and ladies! And thanks for Processwire!
      It appears i've got an interesting issue concerning the template-settings-based PW redirects dealing with access control. Any PW template has some access control options i.e. "Login redirect URL or page ID to render". If this option is used for a page having a template with this option filled, a redirect will occur if user is not logged in and/or has insufficient access rights.
      I like to hook PW events. In one of my current projects i decided to write an addHookBefore('Session::redirect', ...) which should store the page we are being redirected from. With "regular" redirects like $session->redirect('/somewhere/') this hook works like a charm. But it was strange to see that it doesn't work with the template-settings-based redirect.
      I'm too dumb to dive deep inside PW and to examine the whole PW session mechanism. But it could be rather logical if ANY redirect ( no matter template-settings-based or using $session->redirect() ) could be hooked in the same manner.
      Okay okay i can forget about template-settings-based redirect and write my own. Just a couple of lines of code, and it works. But it's less elegant than hooking the template-settings-based redirects.
      So am i missing something? It this behavior a bug, or is it intended by PW team? Thanks in advance for any comment!
    • By fliwire
      Hi, after redirect to payment page processwire session lost because of samesite cookies changed default to "lax".

      https://web.dev/samesite-cookies-explained/

      tried to hook session::init but not works ?
      $wire->addHookBefore("Session::init", function (HookEvent $event) { ini_set('session.cookie_samesite', 'None'); session_set_cookie_params(['samesite' => 'None']); });

      set by htaccess works
       
      <ifmodule mod_headers.c> Header always edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure </ifmodule>  
    • By derelektrischemoench
      Hi guys,
      I'm facing a somewhat strange issue here which I can't quite wrap my head around. 
      I have a PW site in development which runs on three machines simultaneously, one staging server which is accessible as a preview instance for my customer, my PC and my laptop. 
      I have three completely identical settings on each of the three machines (same apache version, same php version, same codebase, same database); however on my PC I am unable to log into the backend. I get no error message or anything, when I try to login; i just get redirected to the login  page. I have already enabled database driven sessions (I enabled them on my laptop, then I dumped the database and copied it to my pc); I have cleared the cache directory; I cleared the sessions in the database; I cleared my browser caches, I tried different browsers, all to no avail; I am unable to login when using my pc, the instances all have the same .htaccess.
      Is there something I'm missing here or does anyone have a clue as to what my issue here might be? I'm using processwire 3.0.123
      Thanks for any input, greetings
      derelektrischemoench
       
      //edit: I've noticed something interesting; despite the directories of my web folders being the same layout; when I open the admin page i get a 404 on the processwire/ resource in the networks panel of chrome; on my laptop I get a  200.... I guess this is where my problem is; but why?
       
       
    • By derelektrischemoench
      Hi guys,
      I'm facing a somewhat strange issue here which I can't quite wrap my head around. 
      I have a PW site in development which runs on three machines simultaneously, one staging server which is accessible as a preview instance for my customer, my PC and my laptop. 
      I have three completely identical settings on each of the three machines (same apache version, same php version, same codebase, same database); however on my PC I am unable to log into the backend. I get no error message or anything, when I try to login; i just get redirected to the login  page. I have already enabled database driven sessions (I enabled them on my laptop, then I dumped the database and copied it to my pc); I have cleared the cache directory; I cleared the sessions in the database; I cleared my browser caches, I tried different browsers, all to no avail; I am unable to login when using my pc, the instances all have the same .htaccess.
      Is there something I'm missing here or does anyone have a clue as to what my issue here might be? I'm using processwire 3.0.123
      Thanks for any input, greetings
      derelektrischemoench
       
       
    • By Peter Knight
      How do you guys handle large session tables when sessions are being recorded to the database?
      I notice one of my sites has a session table of over 14MB 
      Am I missing a way in the Admin or a module to auto-remove any sessions older than X days?
      Thanks
       
×
×
  • Create New...