Yes, one more a question about session timeout

Hi Guys.

I tried all possible solutions and guides on how to implement session timeout here in the forum. I configured the session component in the file main.php , I tried to use beforeAction function in the Controller class but without results(The session never expires, even by setting the option to allowAutoLogin = false).

How do I implement session timeout in a simpler way without using database?

Please, someone help me.

Thank you!

CWebUser.authTimeout is not what you want I guess?

Thank you very much!

I saw very complicated and complex solutions to implement such functionality, as it could be that simple?

Thus all the information stored in the session will be destroyed or do I have to implement the destruction of the session for each user?

Server side session data will remain when using authTimeout.

Is there any way I can clear Server side session using authTimeout or I have to use another method to solve this problem?

Try extending CWebUser like this:

class WebUser extends CWebUser


   public function updateAuthStatus()


      if (!$this->isGuest)



         if ($this->isGuest)







Sorry for so many questions but where do I put this class? I put it in the directory components but the function updateAuthStatus was not called.

Thank you!

Yes and what’s missing in config:

'user' => array(

   'class' => 'WebUser',


Thank you so much dude! It worked beautifully!

BTW, could you answer me a question academically? Why getting the server will slow to as the session time increases for each user?

Thank you again!

Not sure what you mean. Can you explain better? Thanks.

Yes. People says that is not so good sets long time (Seconds) to the user session because the server will get slow depending on the amount of users logged. The question is, why does this happen?


There should be a limit of course. You won’t notice any problems if you set the server-side session lifetime to 1 day for example. Though if you have a lot of traffic and you use file-based sessions, I could imagine the server will have high disk load and become slow. But if you store the sessions in a database with proper indexes then there should be no performance problem.

But does it make sense to set the lifetime to 1 day or even higher? No, because a user will not be idle for 24 hours. A user may close your site and come back the next day, that’s a difference. The session lifetime should be a little more than the average idle time of your site users. So 1 minute is too low: If I get something to drink and come back to your site, the session is gone and I have to login again. 10-30 minutes is a good value I guess.

Note (if you don’t know): You can login your users with a $duration ( Then a cookie-based login is possible if the server-side session is gone (the info stored in the cookie will rebuild the server side session).

In your case, you could set the session lifetime to the same value as $authTimeout.

Understood. Thanks for the explanation!

:lol: useful solution if there are too much information stored in the session .