[WCM] Idle sessions expiration cookbook recipe. #4576
Changes from 2 commits
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -25,3 +25,4 @@ Security | |
target_path | ||
csrf_in_login_form | ||
named_encoders | ||
session_expiration |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,155 @@ | ||
.. index:: | ||
single: Security; Expiration of Idle sessions | ||
|
||
Expiration of Idle sessions | ||
=========================== | ||
|
||
To be able to expire idle sessions, you have to activate the ``session_expiration`` | ||
firewall listener: | ||
|
||
.. configuration-block:: | ||
|
||
.. code-block:: yaml | ||
|
||
# app/config/security.yml | ||
|
||
security: | ||
firewalls: | ||
main: | ||
# ... | ||
session_expiration: ~ | ||
|
||
.. code-block:: xml | ||
|
||
<!-- app/config/security.xml --> | ||
|
||
<?xml version="1.0" encoding="UTF-8"?> | ||
<srv:container xmlns="http://symfony.com/schema/dic/security" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xmlns:srv="http://symfony.com/schema/dic/services" | ||
xsi:schemaLocation="http://symfony.com/schema/dic/services | ||
http://symfony.com/schema/dic/services/services-1.0.xsd"> | ||
|
||
<config> | ||
Reviewer comment: Please add a blank line before this element (same below).
||
<firewall> | ||
Reviewer comment: I think you forgot the firewall name here.
||
<!-- ... --> | ||
<session-expiration /> | ||
</firewall> | ||
</config> | ||
|
||
</srv:container> | ||
|
||
.. code-block:: php | ||
|
||
// app/config/security.php | ||
|
||
$container->loadFromExtension('security', array( | ||
'firewalls' => array( | ||
'main'=> array( | ||
// ... | ||
'session_expiration' => array(), | ||
), | ||
), | ||
)); | ||
|
||
|
||
Reviewer comment: You have a double empty line here. Could you please remove one of them?
||
To adjust the max idle time before the session is marked as expired, you can | ||
set the ``max_idle_time`` option value in seconds. By default the value of this | ||
Reviewer comment: I think I prefer "By default, the value [...]" (note the comma)
||
option is equal to the ``session.gc_maxlifetime`` configuration option of PHP. | ||
The ``max_idle_time`` option value **should be less or equal** to the | ||
``session.gc_maxlifetime`` value. | ||
|
||
.. configuration-block:: | ||
|
||
.. code-block:: yaml | ||
|
||
# app/config/security.yml | ||
|
||
security: | ||
firewalls: | ||
main: | ||
# ... | ||
session_expiration: | ||
max_idle_time: 600 | ||
|
||
.. code-block:: xml | ||
|
||
<!-- app/config/security.xml --> | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<srv:container xmlns="http://symfony.com/schema/dic/security" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xmlns:srv="http://symfony.com/schema/dic/services" | ||
xsi:schemaLocation="http://symfony.com/schema/dic/services | ||
http://symfony.com/schema/dic/services/services-1.0.xsd"> | ||
|
||
<config> | ||
<firewall> | ||
<!-- ... --> | ||
<session-expiration max-idle-time="600"/> | ||
</firewall> | ||
</config> | ||
|
||
</srv:container> | ||
|
||
.. code-block:: php | ||
|
||
// app/config/security.php | ||
$container->loadFromExtension('security', array( | ||
'firewalls' => array( | ||
'main'=> array( | ||
// ... | ||
'session_expiration' => array( | ||
'max_idle_time' => 600, | ||
) | ||
Reviewer comment: There is a comma missing here (same in the code example below).
||
), | ||
), | ||
)); | ||
|
||
By default, when an expired session is detected, an authorization exception is | ||
thrown. If the option ``expiration_url`` is set, the user will be redirected | ||
to this URL and no exception will be thrown: | ||
|
||
.. configuration-block:: | ||
|
||
.. code-block:: yaml | ||
|
||
# app/config/security.yml | ||
security: | ||
firewalls: | ||
main: | ||
# ... | ||
session_expiration: | ||
expiration_url: /session-expired | ||
|
||
.. code-block:: xml | ||
|
||
<!-- app/config/security.xml --> | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<srv:container xmlns="http://symfony.com/schema/dic/security" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xmlns:srv="http://symfony.com/schema/dic/services" | ||
xsi:schemaLocation="http://symfony.com/schema/dic/services | ||
http://symfony.com/schema/dic/services/services-1.0.xsd"> | ||
|
||
<config> | ||
<firewall> | ||
<!-- ... --> | ||
<session-expiration expiration-url="/session-expired"/> | ||
</firewall> | ||
</config> | ||
|
||
</srv:container> | ||
|
||
.. code-block:: php | ||
|
||
// app/config/security.php | ||
$container->loadFromExtension('security', array( | ||
'firewalls' => array( | ||
'main'=> array( | ||
// ... | ||
'session_expiration' => array( | ||
'expiration_url' => '/session-expired', | ||
) | ||
), | ||
), | ||
)); | ||
|
||
To detect idle sessions, the firewall checks the last used timestamp stored in | ||
the session metadata bag. Beware that this value could be not as accurate as | ||
expected if you :doc:`limit metadata writes </cookbook/session/limit_metadata_writes>`. |
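Review bot: The ``max_idle_time`` paragraph says the value "should be less or equal" to ``session.gc_maxlifetime`` but gives no reason and does not say what happens when it is larger. Suggest stating the reason: PHP treats session data older than ``session.gc_maxlifetime`` as garbage and may remove it, so a larger ``max_idle_time`` is not the limit that actually applies. The wording would also read better as "should be less than or equal to". The ``expiration_url`` paragraph documents only the redirect; it should also say whether the expired session is invalidated before the redirect and whether the target URL has to be reachable anonymously. In the last paragraph, "could be not as accurate" reads better as "may not be as accurate".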
Reviewer comment: Sessions (uppercased s)