I tried all possible solutions and guides on how to implement session timeout here in the forum. I configured the session component in the file main.php, and I tried to use the beforeAction function in the Controller class, but without results (the session never expires, even when setting the option allowAutoLogin = false).
How do I implement session timeout in a simpler way without using a database?
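class WebUser extends CWebUser
{
    public function updateAuthStatus()
    {
        if (!$this->isGuest)
        {
            // The parent logs the user out once authTimeout has elapsed.
            parent::updateAuthStatus();
            if ($this->isGuest)
            {
                // The user has just been timed out: discard the server-side session data too.
                Yii::app()->session->destroy();
            }
        }
    }
}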
Yes. People say that it is not so good to set a long time (in seconds) for the user session, because the server will get slow depending on the number of users logged in. The question is, why does this happen?
There should be a limit of course. You won’t notice any problems if you set the server-side session lifetime to 1 day for example. Though if you have a lot of traffic and you use file-based sessions, I could imagine the server will have high disk load and become slow. But if you store the sessions in a database with proper indexes then there should be no performance problem.
But does it make sense to set the lifetime to 1 day or even higher? No, because a user will not be idle for 24 hours. A user may close your site and come back the next day, that’s a difference. The session lifetime should be a little more than the average idle time of your site users. So 1 minute is too low: if I get something to drink and come back to your site, the session is gone and I have to log in again. 10-30 minutes is a good value I guess.
Note (if you don’t know): You can log in your users with a $duration (http://www.yiiframework.com/doc/api/1.1/CWebUser#login-detail). Then a cookie-based login is possible if the server-side session is gone (the info stored in the cookie will rebuild the server-side session).
In your case, you could set the session lifetime to the same value as $authTimeout.
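The suggestion above, written out as a Yii 1.1 configuration fragment. This is an added example, not code posted by anyone in the thread; it assumes the config lives in protected/config/main.php, that the WebUser class shown earlier is autoloaded from protected/components, and a 1800-second idle limit taken from the 10-30 minute range mentioned above.

```php
<?php
// Added example: fragment of a Yii 1.1 protected/config/main.php.
// Assumption: 1800 s (30 minutes) idle limit; adjust to your users' idle time.
$idleTimeout = 1800;

return array(
    // ... rest of the application configuration ...
    'components' => array(
        'user' => array(
            // Assumption: the WebUser subclass from this thread, which
            // destroys the session once the user has been timed out.
            'class' => 'WebUser',
            // No cookie-based login, so an expired session is not rebuilt
            // from the identity cookie.
            'allowAutoLogin' => false,
            // Seconds of inactivity after which CWebUser logs the user out.
            'authTimeout' => $idleTimeout,
        ),
        'session' => array(
            'class' => 'CHttpSession',
            // Sets session.gc_maxlifetime; kept equal to authTimeout so the
            // session data does not outlive the login by much.
            'timeout' => $idleTimeout,
        ),
    ),
);
```

session.gc_maxlifetime only determines when PHP's garbage collector may delete the session data, so authTimeout is the setting that enforces the idle limit on each request.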