Tuesday, March 8, 2022

[FIXED] Yii users being logged out after 15-30 minutes despite session timeouts being set to at least 1 day

      , , , ,      No comments   

Issue

I've included the relevent parts of our Yii config file below:

return array(
...
    'components'=>array(
        'session' => array(
            'timeout' => 86400,
        ),
        'user'=>array(
            'allowAutoLogin' => true,
            'autoRenewCookie' => true,
            'authTimeout' => 31557600,
        ),
    ...
    ),
...
);

I have also been into php.ini and set session.gc_maxlifetime = 86400 but this still hasn't fixed the problem.

Currently, Im absolutely at a loss as to what else could be causing it to timeout and log the user out after roughly 15-30 minutes of inactivity. Ideally users should remain logged in for at least a day of inactivity (and beyond closing the browser window, browser preferences allowing).

I've trawled google, Yii and stack overflow and just can't find anything that I'm overlooking... but clearly I am overlooking something. If anyone can help me out I'd be very grateful.

A sample of typical code that we are using to log in the users was requested and is included below:

$identity = new UserIdentity('facebook', $id, $user->name, $user->email);
$loggedIn = Yii::app()->user->login($identity);
$this->subscriptionChecker->updateCurrentUserSubscribed();

This is pretty typical of any time that Yii::app()->user->login() is called

From Chrome, here are the cookies I have for the site and their expiries (after clearing all cookies and just logging in):

PHPSESSID expires When the browsing session ends

// I'm informed these are set by google analytics  
__utma created Friday, 12 October 2012 14:05:31 expires Sunday, 12 October 2014 14:05:31

__utmb created Friday 12 October 2012 14:05:31 expires Friday 12 October 2012 14:35:31,

__utmc created Friday, 12 October 2012 14:05:31 expires When the browsing session ends

__utmz created Friday 12 October 2012 14:05:31 expires Saturday 13 April 2013 02:05:31  
// end google analytics

Solution

http://www.yiiframework.com/doc/api/1.1/CWebUser#login-detail

Thanks to help from Arfeen who pointed me in the right direction, unless you set the second parameter of Yii::app()->user->login() it turns out that Yii will not use a persistent cookie, as the second parameter defaults to 0. This default 0-value overrides anything else you might have set to do with timeouts.



Answered By - Tom Busby

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...