How do I reset the time of the Symfony session as long as there is activity from the user logged into the application?

In config.yml:

```yaml
cookie_lifetime: 3600 # 1 hour
```

In parameters.yml:

```yaml
session_ttl: 3600
```

I want that, if the user performs an action in the application after 50 minutes, the time of the session goes back to 1 hour.

Does anyone know of a solution to do this?

Jason Roman
  • Possible duplicate of [How can I refresh the session during a POST request?](https://stackoverflow.com/questions/8611247/how-can-i-refresh-the-session-during-a-post-request) – Nico Haase Jun 27 '18 at 09:54

2 Answers

The session cookie lifetime is to be updated on every request to your application.

A good place to do this is an event listener. I prefer to use subscribers instead of listeners, so I will use a subscriber for this example, but a listener may be used too.

Since we want to send a cookie to the browser, we will listen to the kernel.response event.

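```php
<?php

namespace App\EventSubscriber;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

class RequestSubscriber implements EventSubscriberInterface
{
    public static function getSubscribedEvents()
    {
        // return the subscribed events, their methods and priorities
        return [
            KernelEvents::RESPONSE => [
                ['refreshSessionCookie', 0],
            ],
        ];
    }

    public function refreshSessionCookie(ResponseEvent $event)
    {
        $request = $event->getRequest();
        // Requests without a session (stateless routes) have nothing to refresh
        if (!$request->hasSession()) {
            return;
        }

        $session = $request->getSession();
        if ($session->isStarted()) {
            $response = $event->getResponse();
            $lifetime = 3600; // seconds; keep in sync with cookie_lifetime
            // Reuse the configured session cookie attributes so the refreshed
            // cookie keeps its path, domain, Secure, HttpOnly and SameSite flags
            // instead of falling back to the Cookie class defaults
            $params = session_get_cookie_params();
            $cookie = new Cookie(
                $session->getName(),
                $session->getId(),
                time() + $lifetime,
                $params['path'],
                $params['domain'] ?: null,
                $params['secure'],
                $params['httponly'],
                false,
                ($params['samesite'] ?? '') ?: null
            );
            $response->headers->setCookie($cookie);
        }
    }
}
```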

You may also need to set gc_maxlifetime in framework.yaml to make sure that the session file isn't deleted on the server side, which would lose the user's session even if the cookie is still alive:

```yaml
framework:
    session:
        gc_maxlifetime: 86400 # 1 day
```

Ermac
  • cookie lifetime is to be updated on every request. Do you have any idea why it's refreshed for each request? – famas23 Dec 21 '22 at 09:36
  • Hi, that's the solution to the problem we have to keep the user "logged", so whenever the user's web browser sends a request to the server, we respond to say please keep the session cookie alive the next hour, if we do not say so, the browser would delete the cookie after the first one hour of the user connection... – Ermac Dec 22 '22 at 00:12
  • Oh hi, thank you, yeah it's weird, do you understand why Symfony does not update the cookie lifetime the same way they update the session lifetime after each request? – famas23 Dec 22 '22 at 11:32
  • @famas23 sorry for the late answer but, as I understand things, first of all the session is mainly managed by PHP itself, Symfony simply provides some shortcuts to PHP session configuration and maybe some helper classes. Sessions must be seen on both sides, client side and server side, to be understood. The first time a session is created, it is created on the server side by PHP, PHP creates a file on the server named after a "session id", where PHP puts session variables and will keep track of their values during upcoming client-server communication, when PHP finishes execution and sends the response ... – Ermac Jan 23 '23 at 03:39
  • @famas23 ... to the client, it sends a "session cookie" with the "session id", so the client will send it with every upcoming request (as long as it is alive) so the server knows the session of the "user" with this cookie. By default PHP sends a cookie with a lifetime equal to 0, which means the cookie is deleted whenever the user closes his browser. But a developer can change this by defining a lifetime for the "session cookie", that's what we did in this example ... – Ermac Jan 23 '23 at 04:11
  • @famas23 ... Note that the session file on the server side also has a lifetime that is defined in the php.ini with the [session.gc_maxlifetime option](https://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime). So the "session cookie" (client side) lifetime is very tied to the "session server file" (server side) lifetime, if one of them is expired (deleted) the session is ended. Also see [Session configuration options](https://www.php.net/manual/en/session.configuration.php) and [PHP Sessions](https://www.php.net/manual/en/session.configuration.php) – Ermac Jan 23 '23 at 04:17
  • Oh thank you so much for your answers, I really appreciate it @Baraka. But why is the solution you proposed not already implemented by default by Symfony, why by default when we configure framework.session.cookie_lifetime does it allow renewing the PHP session but not renewing the expires field of the client cookie? – famas23 Jan 23 '23 at 20:23
  • Note that it is not renewing the PHP session, I think that the PHP session file (on the server) can't be renewed at all, you can simply give it a very long lifetime like I noted in my Stack Overflow answer (gc_maxlifetime of 1 day for a session cookie of 1 hour). And why Symfony doesn't renew the client cookie, maybe because their intended behavior is to only set it once, so it sends the cookie in the response if and only if the client didn't send the cookie in the request, so only the very first time at session creation, and whenever it is deleted (the client did not send it). – Ermac Jan 23 '23 at 23:58
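
The cookie expiry discussed above is only honoured by the browser, so the one-hour idle limit can also be checked on the server from the session metadata. The subscriber below is an added example, not code from the answer or from Symfony itself; the class name `IdleTimeoutSubscriber`, the `MAX_IDLE` constant and the listener priority of 64 are assumptions.

```php
<?php

namespace App\EventSubscriber;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\KernelEvents;

// Hypothetical class: enforces the idle limit on the server, so a client that
// keeps the cookie past its expiry cannot resume a session that sat unused.
class IdleTimeoutSubscriber implements EventSubscriberInterface
{
    // Assumption: same 1-hour idle window as cookie_lifetime on this page
    private const MAX_IDLE = 3600;

    public static function getSubscribedEvents()
    {
        // Assumption: priority 64 runs after the session is attached to the
        // request and before the security firewall reads the session
        return [KernelEvents::REQUEST => [['enforceIdleTimeout', 64]]];
    }

    public function enforceIdleTimeout(RequestEvent $event)
    {
        $request = $event->getRequest();
        // Only act when the browser presented a session cookie; this avoids
        // starting sessions for anonymous or stateless requests
        if (!$request->hasSession() || !$request->hasPreviousSession()) {
            return;
        }

        $session = $request->getSession();
        $session->start();

        // getLastUsed() is the timestamp of the previous use of this session
        $idle = time() - $session->getMetadataBag()->getLastUsed();
        if ($idle > self::MAX_IDLE) {
            // Clears the stored data and regenerates the session id, so later
            // listeners see an empty session
            $session->invalidate();
        }
    }
}
```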

In config.yml:

```yaml
framework:
    # ...
    session:
        # ...
        cookie_lifetime: 3600 # was "lifetime" but deprecated
        # ...
```

You can change this value.