0

I'm having a "weird" issue in a application I'm working on and so far I can't find a fix for this. The application use Symfony2.6.x and relies in several Ajax calls. All the time request are made through Ajax. So, when I login into the app (uses FOSUserBundle) Symfony automatically start a new session, right? Ok, from that moment until the time defined at config.yml (see config below) for session lifetime the application still working but at some point I got redirected to the login page and session is closed even if I'm actively working on the app. My best approach is that AJAX calls are not taken into account for the lifetime of a session in Symfony or in PHP, I'm right?

My best approach and solution for this issue, do not know if I'm right and neither have tried, I want to listen the opinion of some here in SO, is to regenerate the ID of the session (by calling migrate() on the current active session) each time an AJAX call is made so this way the session would maintain active, is that approach correct? Any advice around this?

This is my configuration at config.yml for session section:

config.yml

framework:
    session:
        # session will expire after 10 minutes of inactivity 
        handler_id:  ~
        cookie_lifetime: 2400 
        gc_maxlifetime: 600 # session will expire after 10 minutes of inactivity
        gc_probability: 0
        gc_divisor: 100

Note: this post and this other from me talks about the same basically but I still not fixing this issue and it's killing my app and my head trying to find a solution.

Community
  • 1
  • 1
ReynierPM
  • 17,594
  • 53
  • 193
  • 363

1 Answers1

2

Questions:
- do you work remotely? If so, do you have the changes at your end auto-saved instantly on the server or you need to save them manually to become operational?
- have you timed the length of your real session (from login to being cut-off)? Is it the same length of time?
Guestimate:
Without the above, I believe your problem to be the settings of the session expiry settings and there might be an event somewhere on the line (between you and the server) which triggers the reset of the session. [Have you tried to work with two windows opened? You know, login and then work in a different window but keep the post login one opened...]
If it's because of a short session settings than please try the following:
php_value session.cookie_lifetime 0
php_value session.gc_maxlifetime 60000
That gives you plenty of session time or until you close the browser/cut the connection...

  • What you mean with _work remotely?_ I not following you on this answer. As for the second answer, no I didn't but if the session expire is set to 10 min and I pass 15 min actively working on the page, why it closes? That's my concern. What I need with this is easy: if user is not working in the app cause he/she quit or just leave the window|browser open and leaves then when this happen and times count 10 min the application should end (goes to login screen) otherwise should keep working as normal. I've tried with several settings for session expiry without success so I don't think so – ReynierPM Apr 03 '15 at 00:24
  • Are you working on the machine or are you tunneling to it? That's what I was asking... –  Apr 03 '15 at 00:39
  • Ah yes, I've a virtual machine running CentOS synchronized with Windows host time and date so site is on virtual machine, this answer your question? – ReynierPM Apr 03 '15 at 00:43
  • Because the login interface pops-up it means you have an event that triggers it! It has to be a timer of some sort. By timing how long the working session is live you should get a same Xamount of time. Than, just peruse the config code on the server to find the same Xamount and there is your trigger!!! –  Apr 03 '15 at 00:43
  • Yes I have a trigger asking every 13 min if session is alive but again, why if I'm working on the site the session gets closed? – ReynierPM Apr 03 '15 at 00:46
  • Or, if it isn't a constant Xamount of time between login and reset than it has to do with your client side mishandling the cookies: if the server is not anymore detecting the fingerprint on the client machine than is simply assuming that to be a new client, hence the login poping-up... I hope it helps! –  Apr 03 '15 at 00:46
  • It could help to check $.ajaxSetup on your machine, as well. It could be a cache handling issue... [cache: false] –  Apr 03 '15 at 00:50
  • If I were you I would try working both with and without su credentials, to see if for a sudo the reset occurs as well... –  Apr 03 '15 at 00:52
  • Dear Taifun, each of the questions above are clarifying one or several aspects of the problem described by ReynierPM!!! –  Apr 04 '15 at 08:45