22

I've included the relevant parts of our Yii config file below:

return array(
...
    'components'=>array(
        'session' => array(
            'timeout' => 86400,
        ),
        'user'=>array(
            'allowAutoLogin' => true,
            'autoRenewCookie' => true,
            'authTimeout' => 31557600,
        ),
    ...
    ),
...
);

I have also been into php.ini and set session.gc_maxlifetime = 86400 but this still hasn't fixed the problem.

Currently, I'm absolutely at a loss as to what else could be causing it to time out and log the user out after roughly 15-30 minutes of inactivity. Ideally users should remain logged in for at least a day of inactivity (and beyond closing the browser window, browser preferences allowing).

I've trawled Google, Yii and Stack Overflow and just can't find anything that I'm overlooking... but clearly I am overlooking something. If anyone can help me out I'd be very grateful.


A sample of typical code that we are using to log in the users was requested and is included below:

$identity = new UserIdentity('facebook', $id, $user->name, $user->email);
$loggedIn = Yii::app()->user->login($identity);
$this->subscriptionChecker->updateCurrentUserSubscribed();

This is pretty typical of any time that Yii::app()->user->login() is called.


From Chrome, here are the cookies I have for the site and their expiries (after clearing all cookies and just logging in):

PHPSESSID expires When the browsing session ends

// I'm informed these are set by Google Analytics
__utma created Friday, 12 October 2012 14:05:31 expires Sunday, 12 October 2014 14:05:31

__utmb created Friday 12 October 2012 14:05:31 expires Friday 12 October 2012 14:35:31

__utmc created Friday, 12 October 2012 14:05:31 expires When the browsing session ends

__utmz created Friday 12 October 2012 14:05:31 expires Saturday 13 April 2013 02:05:31
// end Google Analytics
Wtower
Tom Busby
  • 1
    check if you used Yii::app()->user->login method to set session time ? – Arfeen Oct 12 '12 at 12:46
  • When we log in users we don't set the session time – Tom Busby Oct 12 '12 at 12:47
  • 1
    I think how you are logging in your users is important here, can you show that bit of the code? – bool.dev Oct 12 '12 at 12:52
  • 2
    Also try to maintain session in the DB (just for the test) and see what is the "expire" time ? – Arfeen Oct 12 '12 at 12:55
  • How do I maintain a session in a database? – Tom Busby Oct 12 '12 at 12:57
  • 1
    Check the session cookie being sent to the browser, make sure it doesn't expire prematurely. – Luke Oct 12 '12 at 13:02
  • 1
    'session'=>array( 'class'=>'CDbHttpSession', 'connectionID'=>'db', //name of your database connection 'sessionTableName' => 'yiisession', 'timeout' => 86400, ), – Arfeen Oct 12 '12 at 13:08
  • 3
    also check what happens when you do $loggedIn = Yii::app()->user->login($identity, 86400); – Arfeen Oct 12 '12 at 13:10
  • I've added `($identity, 86400)` I'm gonna open a different browser, login, leave that for 35 mins and see if it's expired. If that doesn't work, I'll set it up to store in the DB and let you know what I get. – Tom Busby Oct 12 '12 at 13:17
  • 1
    The __utm cookies are set by google analytics, they aren't the problem. – Luke Oct 12 '12 at 13:17
  • That suggests then that no persistent cookies are being set by Yii despite "autologin" being set to true. Hmm – Tom Busby Oct 12 '12 at 13:20
  • Yes, even after setting autologin to true, I also saw no cookies in my project, so I set up my own custom cookies to implement autologin. I thought I was the only one who faced this. – Arfeen Oct 12 '12 at 13:25
  • Nice to know it's not just us, I'll do a google, see if I can find a solution – Tom Busby Oct 12 '12 at 13:28
  • 1
    Arfeen, I've found the reason why the persistent cookies weren't being created. If you want to take advantage of `allowAutoLogin` you actually _have_ to set the second param: http://www.yiiframework.com/doc/api/1.1/CWebUser#login-detail – Tom Busby Oct 12 '12 at 14:08

5 Answers

15

http://www.yiiframework.com/doc/api/1.1/CWebUser#login-detail

Thanks to help from Arfeen, who pointed me in the right direction: unless you set the second parameter of Yii::app()->user->login(), it turns out that Yii will not use a persistent cookie, as the second parameter defaults to 0. This default 0-value overrides anything else you might have set to do with timeouts.

Tom Busby
  • Yup, that's why I asked to check it. But did you check what value you are getting from the isGuest property of the Yii app user? And welcome anyway :) – Arfeen Oct 14 '12 at 11:27
  • Yeah the isGuest property was working properly, we use that quite extensively. – Tom Busby Oct 19 '12 at 14:03
2

I had an identical problem: even if I set authTimeout to 3600 * 24 (24 hours), the user was still being logged out after about 30 minutes. I discovered that in php.ini there is an option:

session.gc_maxlifetime

By default this option is 24 minutes, so I changed it to what I needed:

session.gc_maxlifetime = 86400

24 hours. Problem solved for me.

Hope this could help someone!
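The question reports that changing session.gc_maxlifetime in php.ini had no visible effect, so it is worth confirming which php.ini the web server loaded and what the effective session values are. The following diagnostic is an added example, not code from any poster in this thread; the constant and function names are illustrative, and an application can still override these values at runtime with ini_set().

```php
<?php
// Added example, not from the thread. Request it through the web server, not
// the CLI: the two often load different php.ini files.

const WANTED_IDLE_SECONDS = 86400; // one day, the target stated in the question

/**
 * Compare effective session settings with the wanted idle time.
 * $ini maps directive names to values, so constructed data can be passed in too.
 */
function sessionLifetimeFindings(array $ini, $wantedIdle)
{
    $findings = array();
    $gcMax = (int) $ini['session.gc_maxlifetime'];
    if ($gcMax < $wantedIdle) {
        $findings[] = "session.gc_maxlifetime is {$gcMax}s: idle session data may be "
            . "deleted before the wanted {$wantedIdle}s";
    }
    if ((int) $ini['session.cookie_lifetime'] === 0) {
        $findings[] = 'session.cookie_lifetime is 0: the session cookie is dropped '
            . 'when the browser closes';
    }
    if ((int) $ini['session.gc_probability'] === 0) {
        $findings[] = 'session.gc_probability is 0: PHP does not collect sessions itself, '
            . 'so check for an external cleanup job with its own age limit';
    }
    return $findings;
}

// Read the values this PHP process is really using.
$names = array('session.gc_maxlifetime', 'session.cookie_lifetime',
               'session.gc_probability', 'session.save_path');
$effective = array();
foreach ($names as $name) {
    $effective[$name] = ini_get($name);
}

header('Content-Type: text/plain');
echo 'Loaded php.ini: ', php_ini_loaded_file() ?: '(none)', "\n";
foreach ($effective as $name => $value) {
    echo $name, ' = ', $value, "\n";
}
foreach (sessionLifetimeFindings($effective, WANTED_IDLE_SECONDS) as $finding) {
    echo '! ', $finding, "\n";
}
```

Remove the script once the values are confirmed, since it discloses the server's configuration paths.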

1

Try this: first, when you log in, you could call setState like this:

Yii::app()->user->setState('userSessionTimeout', time() + Yii::app()->params['sessionTimeoutSeconds']);

Then add this to components.controller.php:

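public function beforeAction($action)
{
    // Check only when the user is logged in
    if (!Yii::app()->user->isGuest) {
        if (Yii::app()->user->getState('userSessionTimeout') < time()) {
            // Idle deadline has passed: log out and send the user to the login page
            Yii::app()->user->logout();
            $this->redirect(array('/site/login'));
            // redirect() ends the request by default; this covers the case where it does not
            return false;
        } else {
            // Still active: push the idle deadline forward
            Yii::app()->user->setState('userSessionTimeout', time() + Yii::app()->params['sessionTimeoutSeconds']);
            return true;
        }
    } else {
        return true;
    }
}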

And add this to the config main.php file:

'params'=>array(
    'sessionTimeoutSeconds'=>1800, // 30 minutes
),

0

For Yii2

This solution sets the session cookie to expire 7 days after login:

'components' => [
    'session' => [
        'class' => 'yii\web\Session',
        // Session cookie lifetime in seconds (7 days)
        'cookieParams' => ['lifetime' => 7 * 24 * 60 * 60],
    ],
],
uldis
-1

For Yii2 version

In your /config/params.php set the timeout in seconds:

'sessionTimeoutSeconds' => '1800',

In your controllers/SiteController.php actionLogin() method add the following:

// Set the user session timeout
Yii::$app->session->set('userSessionTimeout', time() + Yii::$app->params['sessionTimeoutSeconds']);

Also add the beforeAction method in the SiteController.php:

public function beforeAction($action)
{
    if (!parent::beforeAction($action)) {
        return false;
    }

    // Check only when the user is logged in
    if (!Yii::$app->user->isGuest) {
        if (Yii::$app->session['userSessionTimeout'] < time()) {
            // Idle deadline has passed: end the login and skip the requested action
            Yii::$app->user->logout();
            return false;
        } else {
            // Still active: push the idle deadline forward
            Yii::$app->session->set('userSessionTimeout', time() + Yii::$app->params['sessionTimeoutSeconds']);
            return true;
        }
    } else {
        return true;
    }
}

In your views/layouts/main.php, between the head tags, add the auto-refresh header to send the app back to the login view:

<?php if (!Yii::$app->user->isGuest) { ?>
            <meta http-equiv="refresh" content="<?php echo Yii::$app->params['sessionTimeoutSeconds'];?>;"/>
<?php } ?>
Gajen Sunthara