Well...this is not Laravel specific question IMO.
You need to log when a session started and you also need to define how long that session can live and decide to destroy or not to destroy.
Checkout http://stackoverflow.com/questions/520237/how-do-i-expire-a-ph...
Thanks for the link. As Laravel has its own code for sessions, will the $_SESSION variable contain relevant information?
http://laravel.com/docs/session#session-usage
You can call flush() to remove all the data on a session or call regenerate() to regenerate the session id.
I was aware of that, but I'm not sure what regenerate() does. However, there doesn't seem to be a method to obtain the last activity time like using $_SESSION['LAST_ACTIVITY']. How can a timeout be established without that?
Sorry for the delay in response.
You need to set the value of 'LAST_ACTIVITY" on your own. You probably want to set the value in a filter.
App::before(function ($request) { Session::put('LAST_ACTIVITY', time()); });
something like this.
Thanks for that information. Is their a suitable filter in which to place the code for checking for the expiry, from which a redirection can be made to a "session expired" view?
No problem.
I can't give you an answer since I don't know about your code, but I think you can use the same filter for the verification.
From the stack overflow I linked above,
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
// last request was more than 30 minutes ago
session_unset(); // unset $_SESSION variable for the run-time
session_destroy(); // destroy session data in storage
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
This can be converted into (not tested)
if (Session::get('LAST_ACTIVITY') && (time() - Session::get('LAST_ACTIVITY') > 1800 )) {
Session:flush();
}
Session::set('LAST_ACTIVITY', time());
I couldn't get this to work, then ran out of time, so apologies for not thanking you sooner. I had another go at it today and realised what the problem was: Session::flush() does not delete session data that the app creates, such as the shopping cart details. My solution was to do it like this:
App::before(function($request)
{
// Expire the session after the given number of seconds of inactivity
if (Session::get('LAST_ACTIVITY')
&& (time() - Session::get('LAST_ACTIVITY')) > 1000)
{
// Delete session data created by this app:
OrderController::clear_session();
}
Session::put('LAST_ACTIVITY', time());
});
Then, add the following code to the appropriate get handlers in the controller:
if (Session::get('SessionID') == null) {
return Redirect::to('expired');
}
where "SessionID" is initialised using "Session::set('SessionID', uniqid('S'))", when the shopping cart is created.
You don't have to create your own "LAST_ACTIVITY" key: you can use the Symfony meta-data available in Laravel's session:
$bag = Session::getMetadataBag();
$max = Config::get('session.lifetime') * 60;
if ($bag && $max < (time() - $bag->getLastUsed())) {
Event::fire('idle.too-long');
}
Firing an event lets you decouple the idle detection logic from the idle reaction logic.
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast