How to implement Session Timeout?

I am a beginner learning to use this wounderful PHP framework. I wanted to implement session timeout in my application. I did a lot of search but could not find steps simple enough for me to understand. Well, I managed to implement Session Timeout in my application. I decided to put it here, just in case someone else may find it useful. And, experts may comment if there is any flaw in this implementation.

First I created a session timeout parameter that holds the timeout value. (Store it in proteced\config\main.php or your parameters files, e.g. protected\config\params.php)


	'sessionTimeoutSeconds'=>300,  //timeout value in seconds 


Next, in the authenticate() function of protected\components\UserIdentity.php, use the following command to store the time when the tiemout should happen in a user session variable after successful login.

                        // Define sessiotimeout value

                        yii::app()->user->setState('userSessionTimeout', time()+Yii::app()->params['sessionTimeoutSeconds']    );

Next, in the protected\components\Controller.php, add the following function:

        public function beforeAction(){

            // Check only when the user is logged in

            if ( !Yii::app()->user->isGuest)  {

               if ( yii::app()->user->getState('userSessionTimeout') < time() ) {

                   // timeout


                   $this->redirect(array('/site/SessionTimeout'));  //

               } else {

                   yii::app()->user->setState('userSessionTimeout', time() + Yii::app()->params['sessionTimeoutSeconds']) ;

                   return true; 


            } else {

                return true;



The beforeAction() code runs before any action runs. Notice that the code checks if time stored in userSessionTimeout has passed only for logged-in users. (Thus if the user is not logged in, all pages that do not require login will continue to work.). In case of sessiontimeout, it logs out the user and calls the SessionTimeout action in the Site controller. So, add the following code in the SiteController.

	public function actionSessionTimeout()




actionSessionTimeout() just renders views\site\sessiontimeout.php view file where you can display a suitable message. Here is a simple views\site\sessiontimeout.php file.


$this->pageTitle=Yii::app()->name . ' - Session Timeout';


<h1>Session timeout</h1>

<div class="error">

<?php echo CHtml::encode('Session timed out. Please login again to continue.'); ?>


Note: The above scheme does not take care of Ajax callbacks.

You can do in config:

'components' => array(


   'session' => array(

      'timeout' => 300,




But without custom modifications like yours, Yii is unable to serve a session-expired page. You really need this? Isn’t a redirect to the login page enough?

I can do without displaying custom session-expired page. I tried you the code you have suggested in the ‘components’ array, as well as the following code.

               'session' => array(

                   'timeout' => 60,

                   'cookieMode' =>'only',

                   'cookieParams' => array('secure' => false, 'httponly' => false),


However, my session never expires. Am I missing something?

I’ve also set timeout (left other vars defaulted), and I don’t see sessions timing out.

I can leave my browser open from last night, refresh the page, and my session is still available.

That’s my solution to define a timeout for session with a redirect/refresh after expired session.

protected/config/main.php : (define the session timeout)

$sessionTimeout = 5; // 5 secondes

return array(



		'session' => array(

			'class' => 'CDbHttpSession',

			'timeout' => $sessionTimeout,




protected/config/params.php :

// this contains the application parameters that can be maintained via GUI

return array(

	'session_timeout'=> $sessionTimeout,


protected/views/layout/main.php : (define the refresh)



&lt;?php if (&#33;Yii::app()-&gt;user-&gt;isGuest) {?&gt;

	&lt;meta http-equiv=&quot;refresh&quot; content=&quot;&lt;?php echo Yii::app()-&gt;params['session_timeout'];?&gt;;&quot;/&gt;

&lt;?php }?&gt;





Oh my God .,

Every thing is working fine , Some of guys say ajax is not working in session time out

simple thing we need to check in



    &lt;?php if (&#33;Yii::app()-&gt;user-&gt;isGuest) {?&gt;

            [b]&lt;meta http-equiv=&quot;refresh&quot; content=&quot;&lt;?php echo Yii::app()-&gt;params['session_timeout'];?&gt;;&quot;/&gt;[/b]

    &lt;?php }?&gt;


Its not taken a value from what we set in main.php that’s a problem i solve it , get a value or set a value in proper way. <?php echo ‘900’;?> use like this its working

Thanks guys.

But i still confused , if user login failed in 3 times , i want to block login from session with time delay … somebody , help me please to resolve my problem . Thanks . :)

Hi Guys I found out that if you put it inside the params array of the config/main.php, you will be able to display the value using <?php echo Yii::app()->params[‘session_timeout’];?> instaead of <?php echo ‘900’ ?> Try it.

Hi Guys I found out that if you put it inside the params array of the config/main.php, you will be able to display the value using <?php echo Yii::app()->params[‘session_timeout’];?> instaead of <?php echo ‘900’ ?> Try it.

Hi friends,

Try this who will have a session timeout problem in cgridview ,

Just small condition to solve , After long time i found

Set inside your cgridview.


If it is set false, it means sorting and pagination will be performed in normal page requests

 * instead of AJAX requests. If the sorting and pagination should trigger the update of multiple

 * containers' content in AJAX fashion, these container IDs may be listed here (separated with comma).

Enjoy yii,

[size=2][color="#006400"]/* moved to Yii 1.1 help forum /*[/color][/size]

You can also check out my timeout-dialog extension which pops up a Javascript dialog on session timeout.

(shameless plug)

Thanx, it works for me to redirect to logout page. (y)

The timeout-dialog is a nice way to implement a user-friendly session timeout. Just beware that the current implementation does not play well when users have multiple browser tabs open that are using the same session. User can get logged out of their current tab by a background one and not know it.

hi guys…

I am creating a chat application in yii and new to this …i had used yii chat extension and its works fine…but now i want enable the notification that is a new message came this user like somewhat…i planed to this using session …Can any one suggest me how do ??