shaunie

Symfony2 Session Idle Time

Hi,

I understand I can use gc_maxlifetime to kill any sessions and logout a user if they have left the browser idle. How do I set this so it can be configured via config.yml?

I have set the parameters in config.yml as this but it's not logging me out after 10 seconds...

framework:
    session:
        cookie_lifetime: 10
        gc_maxlifetime: 10
        gc_probability: 1
        gc_divisor: 1


GC doesn't always run; that's why there is a probability. Try setting probability higher. I think you are playing with the wrong setting though. I don't use Symfony, but you should probably be setting a session expire time, not the GC.


This is a common misconception that people have about sessions. "Login" is an application concept. Sessions are simply per-connection server-side storage. An anonymous user hitting your server will create a session in most cases.

By default sessions are stored as files on your file server. You can look at the manual page to see how the garbage collection works, but as skunkbad stated, without a quorum of users hitting your site, the probability calculation won't be triggered, and garbage collection will not clean up the session files.

Regardless of this fact, your application would be better served if you set an application expire time in your session, and utilized that to determine that someone should be logged out.

With that said, one fairly easy way of doing what you're trying to do would be to change the storage of your sessions from the default to a cache system like memcache, where you can control the expiration of the storage separately at creation time. I don't advise that you do that until you better understand session mechanics; however, memcache is certainly a high performance/scalability step, should your deployment ever get to the point that you require multiple servers behind a load balancer.

I would still recommend that you handle "login" in your application code. Also, to be clear, these calculations can only be determined when requests are made. An idle browser will not show that the client is "logged out" if no requests are made to the server.

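The application-level expiry recommended in the last reply, sketched in plain PHP (7+) as an added example that is not part of the original thread. The session keys `user_id` and `last_activity`, the function name `enforceIdleTimeout` and the 600-second limit are assumptions chosen for illustration; the session is passed in as an array so the check can be exercised from the command line.

```php
<?php
// Added example: idle timeout enforced by the application on every request,
// independent of when (or whether) PHP's session garbage collection runs.
// Key names and the limit below are assumptions, not Symfony settings.

const IDLE_LIMIT = 600; // seconds of inactivity allowed; load from config in practice

/**
 * Check the login state held in $session at request time $now.
 * Returns true if the user stays logged in, false if there is no valid login.
 */
function enforceIdleTimeout(array &$session, int $now, int $limit = IDLE_LIMIT): bool
{
    if (!isset($session['user_id'])) {
        return false; // anonymous session: there is no login to expire
    }

    $last = $session['last_activity'] ?? null;
    if (!is_int($last) || $now - $last > $limit) {
        // Idle too long, or the timestamp is missing or malformed:
        // fail closed and drop all login state.
        // With a real PHP session, also call session_regenerate_id(true) here.
        $session = [];
        return false;
    }

    // Sliding window: each accepted request restarts the idle clock.
    $session['last_activity'] = $now;
    return true;
}

// Constructed walk-through: three requests against one session array.
$session = ['user_id' => 42, 'last_activity' => 1000];

var_dump(enforceIdleTimeout($session, 1300)); // request 300 s after last activity
var_dump(enforceIdleTimeout($session, 1900)); // request 600 s after the previous one
var_dump(enforceIdleTimeout($session, 2501)); // request 601 s after the previous one
var_dump($session);                           // remaining session contents
```

Because the check only runs when a request arrives, an idle browser tab keeps showing the logged-in page until its next request reaches the server.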
