Trigger An Action When Session Expires

Yii 1.1 General Discussion
1

Hi all,

As I use CJuiDialog with Iframe for all my crud action I was wondering how trigger an action when session expires. Concretely I would like to do a refresh in order to redirect automatically to login page. Indeed, when session expires, if user try to go on another page it will be redirect to login page. However if user click on crud action a dialog opens and with the ifram of the login page… Which is particularly ugly because size unfit… So my will would like to automatically refresh page when session expires, then user will see directly login page when he comes back… Moreover for security it’s safe to do this way. If page displays sensible information for example…

thanks.

2

Any idea ?

3

If you would use an AJAX request to load the dialog contenst you could set the CWebUser.loginRequiredAjaxResponse property, see more here:

http://www.yiiframework.com/doc/api/1.1/CWebUser#loginRequiredAjaxResponse-detail

I think you would have to extend the CWebUser class and override the loginRequired() method where you would detect somehow if you are loading contents of an iframe. Maybe add an extra GET param.

Or in the JS code that populates the iframe detect if the loaded contents contain the login form. If so, redirect the parent window.

4

Dear Friend

I hope the following may be helpful.

1.Override the session timeout in main configuration file.




'components'=>array(

		'user'=>array(


			// enable cookie-based authentication

			'allowAutoLogin'=>true,


			'authTimeout'=>300,//5 minutes.  

		),

.....

2.Then register the following script in main layout file.




<?php

$user=Yii::app()->user;

if(!$user->getIsGuest())

{

   $time= ($user->getState(CWebUser::AUTH_TIMEOUT_VAR) - time()+2)*1000;//converting to millisecs

   Yii::app()->clientScript->registerSCript('timeout','

     setTimeout(function(){

                  window.location="'.Yii::app()->createUrl("site/login").'"  ;

                },'.$time.')',CClientScript::POS_END);

}

?>

I took additional 2 seconds to redirect to login page. If I do it exactly on session timeout, it regenerates

session and user gets login status.

5

That’s actually pretty cool. It would be even better to print out a good message why the page redirected itself.

6

thanks very much guys. Just wondering, is the cookie-based authentication less secure than session-based authentication ??