phpsessionsymfony1session-timeoutsfguard

How do I invoke a custom function on sfGuard session time out in symfony

I am using sfGuard as the authentication plugin in my project. I want to invoke certain client side & server side scripts on session timeout. What is the best way I can do this.

Please help! Thanks a lot.

Solution

  • Well I've been reading the sfGuardSecurityUser and it extends the sfBasicSecurityUser class, which handles user authentication, profile, credentials, etc.

    So, I found a function in sfBasicSecurityUser that determines whether a users sessions is timed put called isTimedOut, and also setTimedOut.

    If you want to do something when user's session times out, at least on server side, you should listen to the event that is throw when this happens. Check this method:

    This could be found in the symfony_core_root_dir/lib/user/sfBasicSecurityUser.class.php

      public function initialize(sfEventDispatcher $dispatcher, sfStorage $storage, $options = array())
  {
    // initialize parent
    parent::initialize($dispatcher, $storage, $options);

    if (!array_key_exists('timeout', $this->options))
    {
      $this->options['timeout'] = 1800;
    }

    // force the max lifetime for session garbage collector to be greater than timeout
    if (ini_get('session.gc_maxlifetime') < $this->options['timeout'])
    {
      ini_set('session.gc_maxlifetime', $this->options['timeout']);
    }

    // read data from storage
    $this->authenticated = $storage->read(self::AUTH_NAMESPACE);
    $this->credentials   = $storage->read(self::CREDENTIAL_NAMESPACE);
    $this->lastRequest   = $storage->read(self::LAST_REQUEST_NAMESPACE);

    if (null === $this->authenticated)
    {
      $this->authenticated = false;
      $this->credentials   = array();
    }
    else
    {
      // Automatic logout logged in user if no request within timeout parameter seconds
      $timeout = $this->options['timeout'];
      if (false !== $timeout && null !== $this->lastRequest && time() - $this->lastRequest >= $timeout)
      {
        if ($this->options['logging'])
        {
          $this->dispatcher->notify(new sfEvent($this, 'application.log', array('Automatic user logout due to timeout')));
        }

        $this->setTimedOut();
        $this->setAuthenticated(false);
      }
    }

    $this->lastRequest = time();
  }

    For client side, you might start thinking about HTML 5 and Javascript Workers. The idea could be setting a worker when page loads, and telling him count till session_time_out, then redirecting to a login page or something.