I’m trying to setup the authTimeout to cutoff inactive user after some minutes. The authTimeout can be set by the user, so in config/web.php I have this:
'components' => [
....
'user' => [
'class' => \app\components\User::class,
'identityClass' => app\models\Utente::class,
'loginUrl'=>['user/security/login'],
],
....
]
and in app\components\User::init() I set the authTimeout based on the user preference.
<?php
namespace app\components;
use Yii;
class User extends \yii\web\User {
const minAuthTimeout = 120;
public function init() {
parent::init();
try {
if (isset(Yii::$app->user) && !Yii::$app->user->isGuest) {
$duration = null;
if ($identity = Yii::$app->user->identity) {
$duration = $identity->authTimeout;
if ($duration > 0) {
$this->authTimeout = max($duration, self::minAuthTimeout);
}
}
}
} catch (\Exception $ex) {
}
}
}
Unfortunately I have a notification route which has been checked every minute and refresh the authTimeout timer. How can I filter these requests?