Set front-end user session expiration
1,033 views
Skip to first unread message
Valentin Despa
Mar 25, 2013, 9:30:29 AM3/25/13
to joomla-de...@googlegroups.com
Hello,
I am looking for a solution to the following problem:
In a component, in frontend, I would like to build a sort of a 'shopping cart' functionality, where everything that the user adds to the cart, will be saved for a defined time (I wouldn't like to temper with JConfig->lifetime). So that users (guests or registered), when they return to the website (maybe after a week), they still have a products in the cart. Does that make sense?
I've inspected how JFactory calls JSession but I haven't found a way to set the expiration when storing data.
If it's relevant, it's for J3.x series.
Thank you in advance,
Valentin Despa
Aymeric Dourthe
Mar 25, 2013, 9:41:46 AM3/25/13
to joomla-de...@googlegroups.com
Hi,
for unlogged user I think you have to you session cookie.
For others i dont know if there is a storage mechanism to keep session alive after user leave the website.
for unlogged user I think you have to you session cookie.
For others i dont know if there is a storage mechanism to keep session alive after user leave the website.
Best regards,
Aymeric Dourthe
French web engineer
Aymeric Dourthe
French web engineer
--
You received this message because you are subscribed to the Google Groups "Joomla! General Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-gene...@googlegroups.com.
To post to this group, send an email to joomla-de...@googlegroups.com.
Visit this group at http://groups.google.com/group/joomla-dev-general?hl=en-GB.
For more options, visit https://groups.google.com/groups/opt_out.
piotr_cz
Mar 26, 2013, 4:22:01 AM3/26/13
to Joomla! General Development
Hi,
I'm working on very similar package (catalog) now and one of the
features is to remember favorite items.
At the moment I'm busy with other things, but I've taken brief thought
about this feature:
'favorite items' needs separate handling than user session because of
some differences:
In user session client-side part (cookies) have lifetime of browser
session - that means once you close the browser, cookie is destroyed
and thus link to server-side session is lost (IMHO this is disputable
if it's bug in Joomla or security feature).
Both will have different expiration time anyway (for security reasons
I can't leave user sessions opened long time).
For this reasons I'll probably need to use another place to store it
server-side (ie. JSessionStorageDatabase table '#__sessions' is being
cleaned of expired user sessions by garbage collector)
At the same time I'd like to use JSession library, I really like how
it's been done - but I'm not sure it's possible to use it if without
modifications.
So my idea is to make further research how it's been done in similar
scenarios and extend JSession library with features I need.
You can forget about using JFactory::getSession becaouse of this line:
$options['expire'] = ($conf->get('lifetime')) ? $conf->get('lifetime')
* 60 : 900;
ps:
I'd be happy to share other ideas/ solutions of the project with you.
On Mar 25, 2:30 pm, Valentin Despa <i...@vdespa.de> wrote:
> Hello,
>
> I am looking for a solution to the following problem:
>
> In a component, in frontend, I would like to build a sort of a *'shopping
I'm working on very similar package (catalog) now and one of the
features is to remember favorite items.
At the moment I'm busy with other things, but I've taken brief thought
about this feature:
'favorite items' needs separate handling than user session because of
some differences:
In user session client-side part (cookies) have lifetime of browser
session - that means once you close the browser, cookie is destroyed
and thus link to server-side session is lost (IMHO this is disputable
if it's bug in Joomla or security feature).
Both will have different expiration time anyway (for security reasons
I can't leave user sessions opened long time).
For this reasons I'll probably need to use another place to store it
server-side (ie. JSessionStorageDatabase table '#__sessions' is being
cleaned of expired user sessions by garbage collector)
At the same time I'd like to use JSession library, I really like how
it's been done - but I'm not sure it's possible to use it if without
modifications.
So my idea is to make further research how it's been done in similar
scenarios and extend JSession library with features I need.
You can forget about using JFactory::getSession becaouse of this line:
$options['expire'] = ($conf->get('lifetime')) ? $conf->get('lifetime')
* 60 : 900;
ps:
I'd be happy to share other ideas/ solutions of the project with you.
On Mar 25, 2:30 pm, Valentin Despa <i...@vdespa.de> wrote:
> Hello,
>
> I am looking for a solution to the following problem:
>
> cart' functionality, where everything that the user adds to the cart, will
> be saved for a defined time* (I wouldn't like to temper with
Valentin Despa
Mar 26, 2013, 2:27:56 PM3/26/13
to joomla-de...@googlegroups.com
Hi,
Thanks for your feedback.
Yes, I've also noticed that JFactory::getSession won't be of any help.
Basically I see 2 problems:
- the user cookie is set before we load our component and it already has the expiration set to 0. So this needs to be changed
- extending the session life in the session handler (in my case, the database).
I will look tomorrow closer into the problem and give you some info on what I've found.
Thanks,
Valentin Despa
piotr_cz
Mar 26, 2013, 3:35:14 PM3/26/13
to Joomla! General Development
expiration time of 0 is an instruction to browser to destroy cookie
when browser window is closed (http://www.php.net/manual/en/
function.setcookie.php).
If you look at JSession->_setCookieParams() (https://github.com/joomla/
joomla-cms/blob/master/libraries/joomla/session/session.php#L800)
parameters are read from php settings:
Array
(
[lifetime] => 0
[path] => /
[domain] =>
[secure] =>
[httponly] =>
)
Extending session lifetime is no solution in my case, as the session
will last till browser window is closed.
So, I'm thinking about having two sessions in parallel per user:
- One that's used in by Joomla core
- One for my component
when browser window is closed (http://www.php.net/manual/en/
function.setcookie.php).
If you look at JSession->_setCookieParams() (https://github.com/joomla/
joomla-cms/blob/master/libraries/joomla/session/session.php#L800)
parameters are read from php settings:
Array
(
[lifetime] => 0
[path] => /
[domain] =>
[secure] =>
[httponly] =>
)
Extending session lifetime is no solution in my case, as the session
will last till browser window is closed.
So, I'm thinking about having two sessions in parallel per user:
- One that's used in by Joomla core
- One for my component
piotr_cz
Apr 22, 2013, 4:01:41 AM4/22/13
to Joomla! General Development
Hi Valentin,
did you do some research to find solution?
I'll start working on this functionality since tomorrow/ wednesday
One thing that may be worth investigating is the 'remember me' option
on frontend login form.
did you do some research to find solution?
I'll start working on this functionality since tomorrow/ wednesday
One thing that may be worth investigating is the 'remember me' option
on frontend login form.
Valentin Despa
Apr 22, 2013, 5:28:40 AM4/22/13
to joomla-de...@googlegroups.com
Partially I have found something: I've managed to duplicate the session cookie and to sent another expiration:
Inside a system plugin, using the method onAfterRender()
$cookie = session_get_cookie_params();
$cookie['lifetime'] = DESIRED LIFETIME;
session_set_cookie_params($cookie['lifetime'], $cookie['path'], $cookie['domain'], $cookie['secure'], true);
The only back-draw I found was that now there are two cookies with identical name and content. I haven't noticed any side effects.
Next step would be to modify the session expiration in the database, so that it does not get deleted by the garbage collector.
How is it going for you?
Kind regards,
Valentin
piotr_cz
Apr 29, 2013, 4:48:23 AM4/29/13
to Joomla! General Development
Hi.
The project timeline has shifted and so this feature. I'm still
struggling anyway.
What I'm looking for is more something like persistent storage than
sessions.
Sessions are meant as short-lived (in Joomla it's browser session),
PHP and Joomla handling is to use 1 session per user.
At the moment I went with extending JSession package, but I want do do
so only when users will be using such functionality. Creating
additional long-lived storage for every visitor could add performance
issues (large database).
Using default Joomla session could create a problem: You would extend
it's lifetime which would add security issue for logged users (they
could stay logged in for long periods: weeks or months).
I hope I'll have better news soon.
regards,
Piotr
On Apr 22, 11:28 am, Valentin Despa <i...@vdespa.de> wrote:
> Partially I have found something: I've managed to duplicate the session
> cookie and to sent another expiration:
>
> Inside a system plugin, using the method *onAfterRender()*
> *
> *
The project timeline has shifted and so this feature. I'm still
struggling anyway.
What I'm looking for is more something like persistent storage than
sessions.
Sessions are meant as short-lived (in Joomla it's browser session),
PHP and Joomla handling is to use 1 session per user.
At the moment I went with extending JSession package, but I want do do
so only when users will be using such functionality. Creating
additional long-lived storage for every visitor could add performance
issues (large database).
Using default Joomla session could create a problem: You would extend
it's lifetime which would add security issue for logged users (they
could stay logged in for long periods: weeks or months).
I hope I'll have better news soon.
regards,
Piotr
On Apr 22, 11:28 am, Valentin Despa <i...@vdespa.de> wrote:
> Partially I have found something: I've managed to duplicate the session
> cookie and to sent another expiration:
>
> *
> *
Brad Gies
Apr 29, 2013, 5:02:44 AM4/29/13
to joomla-de...@googlegroups.com
Why not just a separate longer term cookie? Or wait for HTML5 and all
the good stuff it brings ;)
Brad.
piotr_cz
Apr 29, 2013, 5:27:40 AM4/29/13
to Joomla! General Development
Brad:
Yes, I'll code own session-like mechanism utilizing cookies.
It seem that it's not possible to have multiple sessions for one user/
browser within one application. There's only one $_SESSION. I could
close joomla session and create new one, but it's getting to hacky
(session switching).
In my case there are more advantages in storing data on server than in
HTML5 storage: removal when item is deleted, statistics and so on.
Yes, I'll code own session-like mechanism utilizing cookies.
It seem that it's not possible to have multiple sessions for one user/
browser within one application. There's only one $_SESSION. I could
close joomla session and create new one, but it's getting to hacky
(session switching).
In my case there are more advantages in storing data on server than in
HTML5 storage: removal when item is deleted, statistics and so on.
Reply all
Reply to author
Forward
0 new messages