php - Expiration of Fat-Free Framework sessions


How do I set a Fat-Free Framework session to expire after a duration, say 5 minutes, of inactivity? The web app keeps it open until the user logs out.

First of all, you need to know the PHP session garbage collector behaviour. By default, it triggers randomly on every 100th request (for performance purposes), looks for expired session files (default: 1440s) and removes them.

You also need to know that some Linux distributions (e.g. Debian) disable the garbage collector and replace it with their own cron job.

You can start by checking your PHP configuration:

    // print the three session garbage collector settings
    foreach (['gc_probability','gc_divisor','gc_maxlifetime'] as $k)
        echo $k,'=',ini_get("session.$k"),'<br>';

If the gc probability is 0, session files won't ever be removed (or will be removed by the cron job on Debian). If it is not 0 but low (e.g. 1/100), session files will be removed from time to time (try to refresh your page 100 times).

In theory, you could set the probability to 1 (gc_probability=gc_divisor=1) to have session files removed as soon as they have expired. That could work on small apps with low traffic, but it would affect performance on bigger apps (imagine that the gc needs to scan 1000 or more session files on each request).

The cleanest and most portable way to handle this issue is to expire sessions yourself. Every time you're loading user session data, check the last time the user was here and clear the session data if it's expired.

Here's a small example:

    $f3->timeout=7200; // define session timeout here (in seconds)
    ini_set('session.gc_maxlifetime',$f3->timeout); // see note (*) below

    $f3->route('GET|POST|DELETE /session',function($f3){

        // load session data
        $data=&$f3->ref('SESSION.data');

        // sign in on POST requests
        if ($f3->VERB==='POST') {
            $data=['user'=>'john','stamp'=>time()];
            $f3->reroute();
        }

        // sign out on DELETE requests
        if ($f3->VERB==='DELETE') {
            $data=null;
            $f3->reroute();
        }

        // check if session has expired
        if (is_array($data) && time()>$data['stamp']+$f3->timeout) {
            $data=null;
        }

        // check if user authenticated
        if (is_array($data)) {
            echo 'welcome ',$data['user'],' last time we\'ve seen ',date(DATE_W3C,$data['stamp']);
            echo '<form action="" method="post"><button>sign out</button><input type="hidden" name="_method" value="DELETE"/></form>';
            $data['stamp']=time(); // update session stamp
        } else {
            echo 'you\'re not authenticated';
            echo '<form action="" method="post"><button>authenticate `john`</button></form>';
        }

    });

Of course, you'd better wrap this logic in a dedicated class.

(*) The PHP gc maxlifetime should not be lower than $f3->timeout, otherwise it would interfere with it. Let's say $f3->timeout equals 7200 and session.gc_maxlifetime is set to 1440 (the default): there are chances that user sessions are expired between 1440 and 7200.
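The dedicated class the answer suggests could look like the following added example, which is not part of the original answer or of Fat-Free Framework; the class name IdleSession, its methods and the injectable clock are assumptions. It works on any array passed by reference (e.g. $_SESSION), uses the 5-minute timeout from the question, and treats a missing or malformed stamp the same as an expired one.

```php
<?php
// Added example (hypothetical class name IdleSession), not code from the answer above.
final class IdleSession
{
    private $store;   // reference to the session array
    private $timeout; // allowed inactivity in seconds
    private $clock;   // callable returning the current Unix time

    public function __construct(array &$store, int $timeout, ?callable $clock = null)
    {
        $this->store = &$store;
        $this->timeout = $timeout;
        $this->clock = $clock ?? 'time';
    }

    // Note (*): true when PHP's gc could delete the session before our timeout.
    public function gcMayInterfere(): bool
    {
        return (int) ini_get('session.gc_maxlifetime') < $this->timeout;
    }

    public function signIn(string $user): void
    {
        $this->store['data'] = ['user' => $user, 'stamp' => ($this->clock)()];
    }

    public function signOut(): void
    {
        unset($this->store['data']);
    }

    // Returns the user and refreshes the stamp; clears stale or malformed data.
    public function touch(): ?string
    {
        $data = $this->store['data'] ?? null;
        $now = ($this->clock)();
        $ok = is_array($data) && is_string($data['user'] ?? null)
            && is_int($data['stamp'] ?? null) && $now <= $data['stamp'] + $this->timeout;
        if (!$ok) {
            $this->signOut();
            return null;
        }
        $this->store['data']['stamp'] = $now;
        return $data['user'];
    }
}

// Constructed demo: fake clock, 5-minute timeout as asked in the question.
$session = []; $now = 1000;
$s = new IdleSession($session, 300, function () use (&$now) { return $now; });
$s->signIn('john');
$now += 299; var_dump($s->touch()); // inside the window: stamp is refreshed
$now += 301; var_dump($s->touch()); // idle too long: session data is cleared
```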

