Zend Framework 2 (ZF2) auth session refresh using storage

Question

I have looked all over and I can see where people have created the initial session for ZF2 auth, remember me's, etc, but I can't find where people are updating the session when there is activity. Basically, I already have an authentication (with doctrine) system and my current solution and I set up the following configuration setting:

return array (
    'session' => array(
        'cookie_lifetime' => 1800, // 30 min
        'remember_me_seconds' => 1800, // 30 min
        'use_cookies' => true,
    ),
);

Then what I am trying to do is RELOAD this on every request like this: NOTE: I have code that only does this if the user is already logged in.

class Module
{
    public function onBootstrap(EventInterface $e)
    {
        $this->getEventManager()->attach('route', array($this, 'onRoute'), -100);
    }

    public function onRoute(EventInterface $e)
    {
        $sessionConfig = new SessionConfig();
        $sessionConfig->setOptions($config['session']);
        $sessionManager = new SessionManager($sessionConfig);
        $sessionManager->rememberMe($config['session']['remember_me_seconds']);
        $sessionManager->start();
    }
}

My basic need is I'm trying to refresh the session (server and client) anytime there is a request, but 1. it feels like I'm re-creating it every time and 2. Sometimes the session seems to randomly die. I think this is because the original session dies after the 30 min I set it to.

Any advice?

What do you mean by refresh? Are you trying to increase the session lifetime anytime there is a request? — Andy Librian, Apr 07 '14 at 23:11
That's exactly right. So if we assume the person is logged in already and we assume the session is set to 30 minutes... I want the session to reset to 30 min with every request. Basically the session will only die if there are no requests in 30 min. — Ponch92, Apr 08 '14 at 16:54
http://stackoverflow.com/questions/1236374/session-timeouts-in-php-best-practices — Andy Librian, Apr 08 '14 at 22:17
Thank you Andy Librian... This answered my question basically. I couldn't find this! http://stackoverflow.com/questions/1236374/session-timeouts-in-php-best-practices — Ponch92, Apr 08 '14 at 23:29

score 0 · Answer 1 · answered Apr 07 '14 at 23:21

0

PHP should be updating the session time for you, you don't need to do it manually.

Also, don't call rememberMe() on every request, as this will generate a new session token (assuming the session already exists).

answered Apr 07 '14 at 23:21

Tim Fountain

33,093
5
41
69

So, you're saying that on every request, PHP already does this? Ok I need to test this out. I'm going to slap myself if it is that easy. Basically what I think you're saying is that I don't need to do this onRoute, only after login 1 time, right? – Ponch92 Apr 08 '14 at 16:57
SO the test I just did: I set up the session upon login only. The session expired in the configured time - not paying attention to requests. Requests didn't start the session time over again. I'm going to try updating on every request again except without doing the "rememberMe." – Ponch92 Apr 08 '14 at 18:57

Zend Framework 2 (ZF2) auth session refresh using storage

1 Answers1