Login Timeout Problem

Yii 2.0 General Discussions
1

I’m using Yii2 and have a implemented identity authentication in my application. However, the timeout seems not working.




return Yii::$app->user->login($this->getUser(), 30)

So, I have a User model which implements IdentityInterface.




class User extends ActiveRecord implements IdentityInterface

{

...

}

and I another LoginForm model class which call User’s login method.




class LoginForm extends Model

{

...

    public function login()

    {

        if ($this->validate()&&$this->User->validateduser==1) {

            return Yii::$app->user->login($this->getUser(), 30);

        } else {

            return false;

        }

    }

...

}

I check on whether the user logged-in or not using Yii::$app->user->isGuest. What am I missing?

2

Not working means nothing to us. Please be elaborate

3

  1. $duration = it’s seconds !

  2. $enableAutoLogin=true

  3. $enableSession=true

4

Sorry for being not detail in previous post. What I’m expecting when I use




Yii::$app->user->login($this->getUser(), 30);

is in 30 seconds Yii::$app->user->isGuest will return true, won’t it?

5

I’ve set 2 & 3 in config/web.php. Should I set duration in the config file as well?

6

To add more information, this is the output of executing the following command.




print_r(Yii::$app->user);







yii\web\User Object

(

    [identityClass] => app\models\User

    [enableAutoLogin] => 1

    [enableSession] => 1

    [loginUrl] => Array

        (

            [0] => kelas/login

        )


    [identityCookie] => Array

        (

            [name] => _identity

            [httpOnly] => 1

        )


    [authTimeout] => 

    [absoluteAuthTimeout] => 

    [autoRenewCookie] => 1

    [idParam] => __id

    [authTimeoutParam] => __expire

    [absoluteAuthTimeoutParam] => __absoluteExpire

    [returnUrlParam] => __returnUrl

    [_access:yii\web\User:private] => Array

        (

        )


    [_identity:yii\web\User:private] => 

    [_events:yii\base\Component:private] => Array

        (

        )


    [_behaviors:yii\base\Component:private] => 

)
7

Disable auto login. The docs says clearly

So set enableAutoLogin to false!

8

Hi Stefano, thank you for the prompt response. I did as the doc suggest and I’ve found out that whether I set enableAutoLogin to true or false, it doesn’t set “Yii::$app->user->isGuest” to true.

However, it is working when I add $authTimeout configuration.




        'user' => [

            'identityClass' => 'app\models\User',

            'enableAutoLogin' => false,

	    'enableSession' => true,

	    'authTimeout' => 30,

	    'loginUrl' => ['site/login'],

        ],

And this is my User model.




<?php


namespace app\models;


use Yii;

use yii\base\NotSupportedException;

use yii\db\ActiveRecord;

use yii\helpers\Security;

use yii\web\IdentityInterface;


class User extends ActiveRecord implements IdentityInterface

{

    public static function tableName()

    {

        return 'user';

    }

 

    public function rules()

    {

        return [

            [['username', 'password'], 'required', 'message' => 'Input cannot be left blank'],

        ];

    }


    public function attributeLabels()

    {

        return [

            'id' => 'ID',

            'username' => 'User name',

            'password' => 'Password',

        ];

    }


    public function getAuthKey() {

        return $this->auth_key;

    }


    public function getId() {

        return $this->getPrimaryKey();

    }


    public function validateAuthKey($authKey) {

        return $this->getAuthKey() === $authKey;

    }


    public static function findIdentity($id) {

        return static::findOne($id);

    }


    public static function findIdentityByAccessToken($token, $type = null) {

        return static::findOne(['access_token' => $token]);

    }


    public static function findByUsername($username)

    {

        return static::findOne(['username' => $username]);

    }


    public static function findByRegistrationKey($registrationkey)

    {

        return static::findOne(['registration_key' => $registrationkey]);

    }


    public static function findByEmail($email)

    {

        return static::findOne(['email' => $email]);

    }    


    public function validatePassword($password)

    {

	return Yii::$app->getSecurity()->validatePassword($password, $this->password);

    }

    

    public function setPassword($password)

    {

        $this->password_hash = Security::generatePasswordHash($password);

    }

    

    public function generateAuthKey()

    {

        $this->auth_key = Security::generateRandomKey();

    }


    public function generatePasswordResetToken()

    {

        $this->password_reset_token = Security::generateRandomKey() . '_' . time();

    }

    

    public function removePasswordResetToken()

    {

        $this->password_reset_token = null;

    }

}

Why I cannot set the duration programmatically?

9

So why not just use


Yii::$app->user->authTimeout = 30;