Yii Framework Forum: How to implement Session Timeout? - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

How to implement Session Timeout? How I implemented Session Timeout... Rate Topic: -----

#1 User is offline   tax14 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 35
  • Joined: 27-August 10

Posted 05 October 2010 - 12:41 PM

I am a beginner learning to use this wounderful PHP framework. I wanted to implement session timeout in my application. I did a lot of search but could not find steps simple enough for me to understand. Well, I managed to implement Session Timeout in my application. I decided to put it here, just in case someone else may find it useful. And, experts may comment if there is any flaw in this implementation.

First I created a session timeout parameter that holds the timeout value. (Store it in proteced\config\main.php or your parameters files, e.g. protected\config\params.php)

	
	'sessionTimeoutSeconds'=>300,  //timeout value in seconds 
);


Next, in the authenticate() function of protected\components\UserIdentity.php, use the following command to store the time when the tiemout should happen in a user session variable after successful login.


                        // Define sessiotimeout value
                        yii::app()->user->setState('userSessionTimeout', time()+Yii::app()->params['sessionTimeoutSeconds']    );


Next, in the protected\components\Controller.php, add the following function:

        public function beforeAction(){
            // Check only when the user is logged in
            if ( !Yii::app()->user->isGuest)  {
               if ( yii::app()->user->getState('userSessionTimeout') < time() ) {
                   // timeout
                   Yii::app()->user->logout();
                   $this->redirect(array('/site/SessionTimeout'));  //
               } else {
                   yii::app()->user->setState('userSessionTimeout', time() + Yii::app()->params['sessionTimeoutSeconds']) ;
                   return true; 
               }
            } else {
                return true;
            }
        }



The beforeAction() code runs before any action runs. Notice that the code checks if time stored in userSessionTimeout has passed only for logged-in users. (Thus if the user is not logged in, all pages that do not require login will continue to work.). In case of sessiontimeout, it logs out the user and calls the SessionTimeout action in the Site controller. So, add the following code in the SiteController.

	public function actionSessionTimeout()
	{
		$this->render('sessiontimeout');
	}


actionSessionTimeout() just renders views\site\sessiontimeout.php view file where you can display a suitable message. Here is a simple views\site\sessiontimeout.php file.

<?php
$this->pageTitle=Yii::app()->name . ' - Session Timeout';
?>

<h1>Session timeout</h1>

<div class="error">
<?php echo CHtml::encode('Session timed out. Please login again to continue.'); ?>
</div>


Note: The above scheme does not take care of Ajax callbacks.
0

#2 User is offline   Y!! 

  • Advanced Member
  • Yii
  • Group: Yii Dev Team
  • Posts: 978
  • Joined: 18-June 09

Posted 05 October 2010 - 01:17 PM

You can do in config:

'components' => array(
   ...
   'session' => array(
      'timeout' => 300,
   ),
   ...
),


But without custom modifications like yours, Yii is unable to serve a session-expired page. You really need this? Isn't a redirect to the login page enough?
0

#3 User is offline   tax14 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 35
  • Joined: 27-August 10

Posted 05 October 2010 - 02:33 PM

View PostY!!, on 05 October 2010 - 01:17 PM, said:

You can do in config:

'components' => array(
   ...
   'session' => array(
      'timeout' => 300,
   ),
   ...
),


But without custom modifications like yours, Yii is unable to serve a session-expired page. You really need this? Isn't a redirect to the login page enough?



I can do without displaying custom session-expired page. I tried you the code you have suggested in the 'components' array, as well as the following code.

               'session' => array(
                   'timeout' => 60,
                   'cookieMode' =>'only',
                   'cookieParams' => array('secure' => false, 'httponly' => false),
                ),


However, my session never expires. Am I missing something?
0

#4 User is offline   intel352 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 196
  • Joined: 05-February 10
  • Location:Southport, NC

Posted 16 December 2010 - 10:22 AM

I've also set timeout (left other vars defaulted), and I don't see sessions timing out.
I can leave my browser open from last night, refresh the page, and my session is still available.
Need live Yii support? - Join the #yii IRC channel on Freenode!
0

#5 User is offline   donlemmings 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 2
  • Joined: 25-February 10

Posted 04 January 2011 - 05:17 PM

That's my solution to define a timeout for session with a redirect/refresh after expired session.

protected/config/main.php : (define the session timeout)

$sessionTimeout = 5; // 5 secondes

return array(
	'params'=>require(dirname(__FILE__).'/params.php'),
	'components'=>array(
		'session' => array(
			'class' => 'CDbHttpSession',
			'timeout' => $sessionTimeout,
		),
	),
);


protected/config/params.php :

// this contains the application parameters that can be maintained via GUI
return array(
	'session_timeout'=> $sessionTimeout,
);


protected/views/layout/main.php : (define the refresh)

<html>
<head>	
	<?php if (!Yii::app()->user->isGuest) {?>
		<meta http-equiv="refresh" content="<?php echo Yii::app()->params['session_timeout'];?>;"/>
	<?php }?>
</head>
<body>
…
</body>
</html>

0

#6 User is offline   gukan 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 6
  • Joined: 23-August 11

Posted 24 November 2011 - 02:05 AM

Oh my God .,
Every thing is working fine , Some of guys say ajax is not working in session time out
simple thing we need to check in
<html>
<head>
<?php if (!Yii::app()->user->isGuest) {?>
<meta http-equiv="refresh" content="<?php echo Yii::app()->params['session_timeout'];?>;"/>
<?php }?>
</head>

Its not taken a value from what we set in main.php that's a problem i solve it , get a value or set a value in proper way. <?php echo '900';?> use like this its working

Thanks guys.
0

#7 User is offline   Legend 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 4
  • Joined: 15-December 11

Posted 15 December 2011 - 04:08 AM

But i still confused , if user login failed in 3 times , i want to block login from session with time delay .. somebody , help me please to resolve my problem . Thanks . :)
0

#8 User is offline   weybesay 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 2
  • Joined: 13-December 11

Posted 15 December 2011 - 06:11 AM

Hi Guys I found out that if you put it inside the params array of the config/main.php, you will be able to display the value using <?php echo Yii::app()->params['session_timeout'];?> instaead of <?php echo '900' ?> Try it.
0

#9 User is offline   weybesay 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 2
  • Joined: 13-December 11

  Posted 15 December 2011 - 06:11 AM

Hi Guys I found out that if you put it inside the params array of the config/main.php, you will be able to display the value using <?php echo Yii::app()->params['session_timeout'];?> instaead of <?php echo '900' ?> Try it.
0

#10 User is offline   gukan 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 6
  • Joined: 23-August 11

Posted 29 December 2011 - 02:03 AM

Hi friends,

Try this who will have a session timeout problem in cgridview ,
Just small condition to solve , After long time i found
Set inside your cgridview.
'ajaxUpdate'=>false,

If it is set false, it means sorting and pagination will be performed in normal page requests
* instead of AJAX requests. If the sorting and pagination should trigger the update of multiple
* containers' content in AJAX fashion, these container IDs may be listed here (separated with comma).

Enjoy yii,
0

#11 User is offline   jacmoe 

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 2,601
  • Joined: 10-October 10
  • Location:Denmark

Posted 29 December 2011 - 01:26 PM

/* moved to Yii 1.1 help forum /*
"Less noise - more signal"
0

#12 User is offline   ianaré 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 50
  • Joined: 05-November 10
  • Location:Terra (III in Sol system)

Posted 06 July 2012 - 04:16 AM

You can also check out my timeout-dialog extension which pops up a Javascript dialog on session timeout.

(shameless plug)
0

#13 User is offline   wonk4rol 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 11
  • Joined: 02-May 12
  • Location:Indonesia

Posted 13 July 2013 - 04:11 AM

Thanx, it works for me to redirect to logout page. (y)

View Postdonlemmings, on 04 January 2011 - 05:17 PM, said:

That's my solution to define a timeout for session with a redirect/refresh after expired session.

protected/config/main.php : (define the session timeout)

$sessionTimeout = 5; // 5 secondes

return array(
	'params'=>require(dirname(__FILE__).'/params.php'),
	'components'=>array(
		'session' => array(
			'class' => 'CDbHttpSession',
			'timeout' => $sessionTimeout,
		),
	),
);


protected/config/params.php :

// this contains the application parameters that can be maintained via GUI
return array(
	'session_timeout'=> $sessionTimeout,
);


protected/views/layout/main.php : (define the refresh)

<html>
<head>	
	<?php if (!Yii::app()->user->isGuest) {?>
		<meta http-equiv="refresh" content="<?php echo Yii::app()->params['session_timeout'];?>;"/>
	<?php }?>
</head>
<body>
…
</body>
</html>


0

#14 User is offline   mutt 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 1
  • Joined: 25-December 13

Posted 25 December 2013 - 02:59 PM

The timeout-dialog is a nice way to implement a user-friendly session timeout. Just beware that the current implementation does not play well when users have multiple browser tabs open that are using the same session. User can get logged out of their current tab by a background one and not know it.
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users