Timeout Not Working For Chttpsession

mahesheu · November 21, 2013, 8:02am

Hello all,

I was trying to do a sessiontimeout if a user is idle for 30 minutes.After that he should login again… but this is not working. I am using CHttpSession. However if i give CDbHttpSession this is working fine

this is my code

Not Working


'user' => array(

            'class' => 'WebUser',

            'loginUrl' => array('site/loginaccount'),

            'allowAutoLogin' => true,

        ),

		// uncomment the following to enable URLs in path-format

		'session' => array(

           'class'=>'CHttpSession',

            'timeout'=>$params['session_timeout'],

            'autoStart'=>true,

        ),

Working


'user' => array(

            'class' => 'WebUser',

            'loginUrl' => array('site/loginaccount'),

            'allowAutoLogin' => true,

        ),

		// uncomment the following to enable URLs in path-format

		'session' => array(

           'class'=>'CDbHttpSession',

            'timeout'=>$params['session_timeout'],

            'autoStart'=>true,

        ),

Is there anything else to make this work for CHttpSession ? Due to some reasons i cannot use CDbHttpSession in my web application

nineinchnick · November 21, 2013, 6:25pm

Setting the timeout for CHttpSession just sets the session.gc_maxlifetime PHP setting. If you run your application or Debian or Ubuntu, their default PHP has the garbage collector disabled and runs a cron job to clean it up.

In my apps I set the session dir somewhere in protected/runtime to separate my session from other apps. This is important on shared hosting sites and it’s a good habbit. The downside is that I have to remember to set up a cronjob to clean the files in that folder.

Anyway, you should also set a timeout when calling CWebUser.login to log in a user.