I've included the relevent parts of our Yii config file below:
return array(
...
'components'=>array(
'session' => array(
'timeout' => 86400,
),
'user'=>array(
'allowAutoLogin' => true,
'autoRenewCookie' => true,
'authTimeout' => 31557600,
),
...
),
...
);
I have also been into php.ini and set session.gc_maxlifetime = 86400 but this still hasn't fixed the problem.
Currently, Im absolutely at a loss as to what else could be causing it to timeout and log the user out after roughly 15-30 minutes of inactivity. Ideally users should remain logged in for at least a day of inactivity (and beyond closing the browser window, browser preferences allowing).
I've trawled google, Yii and stack overflow and just can't find anything that I'm overlooking... but clearly I am overlooking something. If anyone can help me out I'd be very grateful.
A sample of typical code that we are using to log in the users was requested and is included below:
$identity = new UserIdentity('facebook', $id, $user->name, $user->email);
$loggedIn = Yii::app()->user->login($identity);
$this->subscriptionChecker->updateCurrentUserSubscribed();
This is pretty typical of any time that Yii::app()->user->login() is called
From Chrome, here are the cookies I have for the site and their expiries (after clearing all cookies and just logging in):
PHPSESSID expires When the browsing session ends
// I'm informed these are set by google analytics
__utma created Friday, 12 October 2012 14:05:31 expires Sunday, 12 October 2014 14:05:31
__utmb created Friday 12 October 2012 14:05:31 expires Friday 12 October 2012 14:35:31,
__utmc created Friday, 12 October 2012 14:05:31 expires When the browsing session ends
__utmz created Friday 12 October 2012 14:05:31 expires Saturday 13 April 2013 02:05:31
// end google analytics
http://www.yiiframework.com/doc/api/1.1/CWebUser#login-detail
Thanks to help from Arfeen who pointed me in the right direction, unless you set the second parameter of Yii::app()->user->login() it turns out that Yii will not use a persistent cookie, as the second parameter defaults to 0. This default 0-value overrides anything else you might have set to do with timeouts.
Try this:
first one
when you got login you could set setState
this:
yii::app()->user->setState('userSessionTimeout', time() + Yii::app()->params['sessionTimeoutSeconds']);
add those are text companents.controller.php
public function beforeAction(){
// Check only when the user is logged in
if ( !Yii::app()->user->isGuest) {
if ( yii::app()->user->getState('userSessionTimeout') < time() ) {
// timeout
Yii::app()->user->logout();
$this->redirect(array('/site/login')); //
} else {
yii::app()->user->setState('userSessionTimeout', time() + Yii::app()->params['sessionTimeoutSeconds']) ;
return true;
}
} else {
return true;
}
}
and add those are in config main.php file:
'params'=>array( 'sessionTimeoutSeconds'=>1800, // 30 minute ),
I had a identical problem, even if i make authTimeout 3600 * 24 ( 24 hours ) the user still making logout in about 30 minutes.
I discovered that on php.ini there is a option:
session.gc_maxlifetime
for default this options is 24 minutes, so i changed for what i needed
session.gc_maxlifetime = 86400
24 hours. Problem Solved for me.
Hope this could help someone!
For Yii2
This solution after login for session cookies set expire time after 7 days:
'components' => [
'session' => [
'class' => 'yii\web\Session',
'cookieParams' => ['lifetime' => 7 * 24 *60 * 60]
],
For Yii2 version
In your /config/params.php set the timeout in seconds:
'sessionTimeoutSeconds' => '1800',
In you controllers/SiteController.php actionLogin() method add the following:
// Set the user session timeout
Yii::$app->session->set('userSessionTimeout', time() + Yii::$app->params['sessionTimeoutSeconds']);
Also add the beforeAction method in the SiteController.php
public function beforeAction($action)
{
if (!parent::beforeAction($action)) {
return false;
}
// Check only when the user is logged in
if ( !Yii::$app->user->isGuest) {
if (Yii::$app->session['userSessionTimeout'] < time()) {
Yii::$app->user->logout();
} else {
Yii::$app->session->set('userSessionTimeout', time() + Yii::$app->params['sessionTimeoutSeconds']);
return true;
}
} else {
return true;
}
}
In your views/layouts/main.php: Between the head DOM to add the auto refresh header to sent the app back to login view.
<? if (!Yii::$app->user->isGuest) { ?>
<meta http-equiv="refresh" content="<?php echo Yii::$app->params['sessionTimeoutSeconds'];?>;"/>
<? } ?>
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 乱世女痞 的文章《Yii users being logged out after 15-30 minutes des》','https://www.manongdao.com/article-155371.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}