Yii users being logged out after 15-30 minutes despite session timeouts being set to at least 1 day
Solution 1
http://www.yiiframework.com/doc/api/1.1/CWebUser#login-detail
Thanks to help from Arfeen who pointed me in the right direction, unless you set the second parameter of Yii::app()->user->login()
it turns out that Yii will not use a persistent cookie, as the second parameter defaults to 0. This default 0-value overrides anything else you might have set to do with timeouts.
Solution 2
I had a identical problem, even if i make authTimeout 3600 * 24 ( 24 hours ) the user still making logout in about 30 minutes. I discovered that on php.ini there is a option:
session.gc_maxlifetime
for default this options is 24 minutes, so i changed for what i needed
session.gc_maxlifetime = 86400
24 hours. Problem Solved for me.
Hope this could help someone!
Solution 3
Try this: first one when you got login you could set setState this:
yii::app()->user->setState('userSessionTimeout', time() + Yii::app()->params['sessionTimeoutSeconds']);
add those are text companents.controller.php
public function beforeAction(){
// Check only when the user is logged in
if ( !Yii::app()->user->isGuest) {
if ( yii::app()->user->getState('userSessionTimeout') < time() ) {
// timeout
Yii::app()->user->logout();
$this->redirect(array('/site/login')); //
} else {
yii::app()->user->setState('userSessionTimeout', time() + Yii::app()->params['sessionTimeoutSeconds']) ;
return true;
}
} else {
return true;
}
}
and add those are in config main.php file:
'params'=>array( 'sessionTimeoutSeconds'=>1800, // 30 minute ),
Related videos on Youtube
Tom Busby
Updated on July 15, 2020Comments
-
Tom Busby almost 4 years
I've included the relevent parts of our Yii config file below:
return array( ... 'components'=>array( 'session' => array( 'timeout' => 86400, ), 'user'=>array( 'allowAutoLogin' => true, 'autoRenewCookie' => true, 'authTimeout' => 31557600, ), ... ), ... );
I have also been into php.ini and set
session.gc_maxlifetime = 86400
but this still hasn't fixed the problem.Currently, Im absolutely at a loss as to what else could be causing it to timeout and log the user out after roughly 15-30 minutes of inactivity. Ideally users should remain logged in for at least a day of inactivity (and beyond closing the browser window, browser preferences allowing).
I've trawled google, Yii and stack overflow and just can't find anything that I'm overlooking... but clearly I am overlooking something. If anyone can help me out I'd be very grateful.
A sample of typical code that we are using to log in the users was requested and is included below:
$identity = new UserIdentity('facebook', $id, $user->name, $user->email); $loggedIn = Yii::app()->user->login($identity); $this->subscriptionChecker->updateCurrentUserSubscribed();
This is pretty typical of any time that
Yii::app()->user->login()
is called
From Chrome, here are the cookies I have for the site and their expiries (after clearing all cookies and just logging in):
PHPSESSID expires When the browsing session ends // I'm informed these are set by google analytics __utma created Friday, 12 October 2012 14:05:31 expires Sunday, 12 October 2014 14:05:31 __utmb created Friday 12 October 2012 14:05:31 expires Friday 12 October 2012 14:35:31, __utmc created Friday, 12 October 2012 14:05:31 expires When the browsing session ends __utmz created Friday 12 October 2012 14:05:31 expires Saturday 13 April 2013 02:05:31 // end google analytics
-
Arfeen over 11 yearscheck if you used Yii::app()->user->login method to set session time ?
-
Tom Busby over 11 yearsWhen we log in users we don't set the session time
-
bool.dev over 11 yearsI think how you are logging in your users is important here, can you show that bit of the code?
-
Arfeen over 11 yearsAlso try to maintain session in the DB (just for the test) and see what is the "expire" time ?
-
Tom Busby over 11 yearsHow do I maintain a session in a database?
-
Luke over 11 yearsCheck the session cookie being sent to the browser, make sure it doesn't expire prematurely.
-
Arfeen over 11 years'session'=>array( 'class'=>'CDbHttpSession', 'connectionID'=>'db', //name of your database connection 'sessionTableName' => 'yiisession', 'timeout' => 86400, ),
-
Arfeen over 11 yearsalso check what happens when you do $loggedIn = Yii::app()->user->login($identity, 86400);
-
Tom Busby over 11 yearsI've added
($identity, 86400)
I'm gonna open a different browser, login, leave that for 35 mins and see if it's expired. If that doesn't work, I'll set it up to store in the DB and let you know what I get. -
Luke over 11 yearsThe __utm cookies are set by google analytics, they aren't the problem.
-
Tom Busby over 11 yearsThat suggests then that no persistent cookies are being set by Yii depsite "autologin" being set to true. Hmm
-
Arfeen over 11 yearsYes even after setting autologin true, I also saw no cookies in my project so I setup my own custom cookies to implement autologin . I thought that was only me who faced.
-
Tom Busby over 11 yearsNice to know it's not just us, I'll do a google, see if I can find a solution
-
Tom Busby over 11 yearsArfeen, I've found the reason why the persistent cookies weren't being created. If you want to take advantage of
allowAutoLogin
you actually have to set the second param: yiiframework.com/doc/api/1.1/CWebUser#login-detail
-
-
Arfeen over 11 yearsyup thats why I asked to check it. But did u check what value you are getting from isGuest property of yii app user ? And welcome anyway :)
-
Tom Busby over 11 yearsYeah the isGuest property was working properly, we use that quite extensively.