0

I want to add user logins and logout/session expiration info into database, Its easy for normal login and logout, but I couldn’t figure out how to proceed with automatic session expirations.

My authentication works like below.

My Login controller action

if ($request->isPost()) {
            $data = $request->getParams();
            $userModel = new Application_Model_User_DbTable();
            if ($user = $userModel->login($data['email'], $data['password'])) {
                /* check if user is activated or not */
                if ($user['status'] == 0) {
                    $this->view->loginerror = "<b>Account not active :</b> Please wait for admin to activate your account";
                }elseif($user['status'] == -1){ 
                    $this->view->loginerror = "<b>Account Suspended :</b> Your account is suspeneded you must contact admin to continue";
                }else {
                    /* Store authentication data in session */
                    $auth = Zend_Auth::getInstance();
                    $identity = Zend_Auth::getInstance()->getStorage();
                    $identity->write($user);
                    $this->_redirect('/fax');
                }
            } else {
                $this->view->loginerror = "<b>Invalid login :</b> Email or passsword is invalid !";
            }
        }

Authenticate Method in my user control

function authenticate($email, $password) {
        $where = array();
        $where[] = $this->getAdapter()->quoteinto('email = ?', $email);
        $user = $this->fetchRow($where);
        if (isset($user['email'])) {
            $salt = $user['password_salt'];
            if (sha1($password . $salt) == $user['password']) {
                /** here i will add login session info**/
                return $user;
            }
            return false;
        }
        return false;
    }
Rohith Raveendran
  • 410
  • 1
  • 6
  • 14
  • Without the user actually "logging out" there is no way to check for their expiry (you would need another HTTP request to check the last time stamp of the session). If however your sessions last for 20 minuets, it would be fair to say that any sessions that have not been refreshed within that time period are no longer active and you could have a scheduled task to update theses database records periodically. – AlexP Mar 18 '13 at 12:39

1 Answers1

0

I am afraid that there is no core PHP or Zend function to perform this, session timeout doesn't run in the background. Unless timed out session makes another request, it is not even possible to know if session is timed out.

One of the method would be to make ajax request to a action to check for time outs and update your db in that action.

ro ko
  • 2,906
  • 3
  • 37
  • 58