Understanding Session - sample app
131 views
Skip to first unread message
Elena Cenacchi
Mar 22, 2016, 11:05:55 AM3/22/16
to Joomla! Framework Development
Hi,
I have developed my App using the Joomla Framework and, as starting point, this very useful sample App: https://github.com/dbhurley/framework-app
Now I would like to enhance my app with Login-Logout capabilities and I have some issues with the Session class.
1) I can't understand why a session is always started, no matter if I explicitly start it or not. I've found in the App.php code the following function:
public function getSession()
{
if (is_null($this->newSession))
{
$this->newSession = new Session;
$this->newSession->start();
}
return $this->newSession;
}
But by searching all the app files, this function is never called...is there anyone that knows where and how the session is actually started?
2) The session never expires.
Inside the framework Joomla/Session/Session.php file, the following is declared:
Can you give me some hints?
Thanks
Elena
I have developed my App using the Joomla Framework and, as starting point, this very useful sample App: https://github.com/dbhurley/framework-app
Now I would like to enhance my app with Login-Logout capabilities and I have some issues with the Session class.
1) I can't understand why a session is always started, no matter if I explicitly start it or not. I've found in the App.php code the following function:
public function getSession()
{
if (is_null($this->newSession))
{
$this->newSession = new Session;
$this->newSession->start();
}
return $this->newSession;
}
But by searching all the app files, this function is never called...is there anyone that knows where and how the session is actually started?
2) The session never expires.
Inside the framework Joomla/Session/Session.php file, the following is declared:
| /** * Maximum age of unused session in minutes * * @var string * @since 1.0 */ protected $expire = 15; So I understand that an unused session lifetime is 15 minutes, but that does not work: the session keeps its open state even after days. |
Thanks
Elena
Walt Sorensen
Mar 29, 2016, 12:02:21 PM3/29/16
to Joomla! Framework Development
I don't know much about how session works, but I have seen some code "keep alive" a session even though there is no actual user interaction happening.
Example, under some circumstances editing an article in the CMS will "keep alive" a session long past any session expiration time limit.
Example, under some circumstances editing an article in the CMS will "keep alive" a session long past any session expiration time limit.
I believe this is mostly expected behavior, from my understanding the "expiration" is really the limit of when the session should close if there are no "user actions".
But I'm not sure what event's constitute "user actions", when an action should start a "keep alive" process (like editing) or what will kill a "keep alive" process to allow the session expiration timer to restart.
Elena Cenacchi
Apr 5, 2016, 8:58:05 AM4/5/16
to Joomla! Framework Development
Hi, thanks Walt for your answer.
What sounds strange is that whenever I access the inedx.php, the session is already open...and I can't find a way to manage the session inside the Joomla! Framework sample app.
I am not so sure that the session is opened by the Joomla! Session class...could it be some non-Joomla! class? Symphony maybe?
Elena
What sounds strange is that whenever I access the inedx.php, the session is already open...and I can't find a way to manage the session inside the Joomla! Framework sample app.
I am not so sure that the session is opened by the Joomla! Session class...could it be some non-Joomla! class? Symphony maybe?
Elena
Walt Sorensen
Apr 5, 2016, 5:18:38 PM4/5/16
to Joomla! Framework Development
I believe a session starts on the first visit, even if the user is a "guest. logging in changes the session information to reflect that the user is not a guest but an authenticated user.
I think it works out to 1 user = 1 session. Sessions always start on first visit.
I think that's typical of all session packages.
but it looks like your using Symfony\Component\HttpFoundation\Session\Session for your sessions, so you should look at the documentation on that.
I think it works out to 1 user = 1 session. Sessions always start on first visit.
I think that's typical of all session packages.
but it looks like your using Symfony\Component\HttpFoundation\Session\Session for your sessions, so you should look at the documentation on that.
Elena Cenacchi
Apr 18, 2016, 10:01:51 AM4/18/16
to Joomla! Framework Development
Hi Walt, thanks!
I also believe I'm using Symphony Session. I'm trying to figure out how/where to set the expiration time.
It's ok for me to aoutomatically start the session on first visit, but I would like to expire after some time from the last event on page.
I'll let you know what I find out.
Elena
Elena Cenacchi
Apr 18, 2016, 10:10:44 AM4/18/16
to Joomla! Framework Development
I now found that Symphony session lifetime is bound to
session_get_cookie_params()which by default is 0, meaning the session is destroyed when the browser is closed.
Elena
Reply all
Reply to author
Forward
0 new messages