6

My symfony application (3.4.8) seems to ignore any attempts to prolong the session. What would be the best course of action to troubleshoot this issue? The documentation is very vague.

app/config/security.yml

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username


        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                default_target_path: /


            logout:       true
            anonymous:    true
            remember_me:
                secret:   '%secret%'
                lifetime: 28000
                path:     /
            access_denied_handler: app.security.access_denied_handler

config.yml

framework:
    lock:   'semaphore'
    #esi:             ~
    #translator:      { fallbacks: ["%locale%"] }
    secret:          "%secret%"
    router:
        resource: "%kernel.root_dir%/config/routing.yml"
        strict_requirements: ~
    form:            ~
    csrf_protection: ~
    validation:      { enable_annotations: true }
    #serializer:      { enable_annotations: true }
    templating:
        engines: ['twig']
    default_locale:  "%locale%"
    trusted_hosts:   ~
    trusted_proxies: ~
    session:

        handler_id:  session.handler.native_file
        save_path:   "/tmp"
        cookie_lifetime: 28800
    fragments:       ~
    http_method_override: true
    assets: ~
user1029829
  • 941
  • 3
  • 16
  • 34
  • what is your requirement? disable logged out? or increase logged out time like 60 min instead of 15 min? – Samiul Amin Shanto Jun 02 '18 at 07:19
  • Be able to change it like for instance to 60 mins instead of 15 mins. Whatever is in the documentation seems to be ignored. – user1029829 Jun 04 '18 at 06:05
  • Try making the `remember_me: lifetime` and `session: cookie_lifetime` values larger. https://stackoverflow.com/questions/5933774/symfony2-session-lifetime – Daniel R. Livingston Jun 06 '18 at 22:41
  • I tried and it didn't work. The value gets ignored completely. – user1029829 Jun 09 '18 at 21:11
  • @user1029829 Please, check that the cookie was accepted by browser and has non empty value. Then provide access_control section. And check other answers https://stackoverflow.com/questions/44138629/symfony-fosuserbundle-remeber-me-doesnt-work and https://stackoverflow.com/questions/7459760/remember-me-functionality-not-working-in-symfony2. They may be helpful. – maches Jun 12 '18 at 23:45

3 Answers3

0

Maybe if you try this in your config: session: cookie_lifetime: 18000 gc_maxlifetime: 18000

Hope it helps !

Jasson Rojas
  • 299
  • 3
  • 12
0

Judging by this:

handler_id: session.handler.native_file

you're using a native session handler. From Symfony documentation:

So-called native handlers, are save handlers which are either compiled into PHP or provided by PHP extensions, such as PHP-Sqlite, PHP-Memcached and so on.

All native save handlers are internal to PHP and as such, have no public facing API. They must be configured by php.ini directives, usually session.save_path and potentially other driver specific directives.

Inspecting the NativeFileSessionHandler I've found no methods relating to session duration. That leads me to the conclusion that you have to set the duration on the PHP level, not on the Symfony level.

So, try setting the session.gc-maxlifetime (in your php.ini or calling ini_set) to 3600.

Community
  • 1
  • 1
Небојша Камбер
  • 678
  • 5
  • 15
0

your setting will log out if you are inactive for more than 30 minutes.

You can add following in your yml file

#app/config/config.yml
session:
    cookie_lifetime: 86400
    gc_maxlifetime: 1800
    gc_probability: 1
    gc_divisor: 1
Chirag Vora
  • 242
  • 3
  • 10