[WCM] Idle sessions expiration cookbook recipe. #4576
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -25,3 +25,4 @@ Security | |
| target_path | ||
| csrf_in_login_form | ||
| named_encoders | ||
| session_expiration | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,155 @@ | ||
| .. index:: | ||
| single: Security; Expiration of Idle sessions | ||
|
|
||
| Expiration of Idle sessions | ||
| =========================== | ||
|
|
||
| To be able to expire idle sessions, you have to activate the ``session_expiration`` | ||
| firewall listener: | ||
|
|
||
| .. configuration-block:: | ||
|
|
||
| .. code-block:: yaml | ||
|
|
||
| # app/config/security.yml | ||
|
There was a problem hiding this comment.
|
||
| security: | ||
| firewalls: | ||
| main: | ||
| # ... | ||
| session_expiration: ~ | ||
|
|
||
| .. code-block:: xml | ||
|
|
||
| <!-- app/config/security.xml --> | ||
|
There was a problem hiding this comment.
|
||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <srv:container xmlns="http://symfony.com/schema/dic/security" | ||
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xmlns:srv="http://symfony.com/schema/dic/services" | ||
| xsi:schemaLocation="http://symfony.com/schema/dic/services | ||
| http://symfony.com/schema/dic/services/services-1.0.xsd"> | ||
|
|
||
| <config> | ||
|
There was a problem hiding this comment. Please add a blank line before this element (same below). |
||
| <firewall> | ||
|
There was a problem hiding this comment. I think you forgot here the firewall name |
||
| <!-- ... --> | ||
| <session-expiration /> | ||
| </firewall> | ||
| </config> | ||
|
|
||
| </srv:container> | ||
|
|
||
| .. code-block:: php | ||
|
|
||
| // app/config/security.php | ||
|
There was a problem hiding this comment.
|
||
| $container->loadFromExtension('security', array( | ||
| 'firewalls' => array( | ||
| 'main'=> array( | ||
| // ... | ||
| 'session_expiration' => array(), | ||
| ), | ||
| ), | ||
| )); | ||
|
|
||
|
|
||
|
There was a problem hiding this comment. You have a double empty line here. Could you please remove one of them? |
||
| To adjust the max idle time before the session is marked as expired, you can | ||
| set the ``max_idle_time`` option value in seconds. By default the value of this | ||
|
There was a problem hiding this comment. I think I prefer "By default, the value [...]" (note the comma) |
||
| option is equal to the ``session.gc_maxlifetime`` configuration option of PHP. | ||
| The ``max_idle_time`` option value **should be less or equal** to the | ||
| ``session.gc_maxlifetime`` value. | ||
|
|
||
| .. configuration-block:: | ||
|
|
||
| .. code-block:: yaml | ||
|
|
||
| # app/config/security.yml | ||
|
There was a problem hiding this comment.
|
||
| security: | ||
| firewalls: | ||
| main: | ||
| # ... | ||
| session_expiration: | ||
| max_idle_time: 600 | ||
|
|
||
| .. code-block:: xml | ||
|
|
||
| <!-- app/config/security.xml --> | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <srv:container xmlns="http://symfony.com/schema/dic/security" | ||
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xmlns:srv="http://symfony.com/schema/dic/services" | ||
| xsi:schemaLocation="http://symfony.com/schema/dic/services | ||
| http://symfony.com/schema/dic/services/services-1.0.xsd"> | ||
|
|
||
| <config> | ||
| <firewall> | ||
| <!-- ... --> | ||
| <session-expiration max-idle-time="600"/> | ||
| </firewall> | ||
| </config> | ||
|
|
||
| </srv:container> | ||
|
|
||
| .. code-block:: php | ||
|
|
||
| // app/config/security.php | ||
| $container->loadFromExtension('security', array( | ||
| 'firewalls' => array( | ||
| 'main'=> array( | ||
| // ... | ||
| 'session_expiration' => array( | ||
| 'max_idle_time' => 600, | ||
| ) | ||
|
There was a problem hiding this comment. there is missing a comma here (same in the code example below) |
||
| ), | ||
| ), | ||
| )); | ||
|
|
||
| By default, when an expired session is detected, an authorization exception is | ||
| thrown. If the option ``expiration_url`` is set, the user will be redirected | ||
| to this URL and no exception will be thrown: | ||
|
|
||
| .. configuration-block:: | ||
|
|
||
| .. code-block:: yaml | ||
|
|
||
| # app/config/security.yml | ||
| security: | ||
| firewalls: | ||
| main: | ||
| # ... | ||
| session_expiration: | ||
| expiration_url: /session-expired | ||
|
|
||
| .. code-block:: xml | ||
|
|
||
| <!-- app/config/security.xml --> | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <srv:container xmlns="http://symfony.com/schema/dic/security" | ||
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xmlns:srv="http://symfony.com/schema/dic/services" | ||
| xsi:schemaLocation="http://symfony.com/schema/dic/services | ||
| http://symfony.com/schema/dic/services/services-1.0.xsd"> | ||
|
|
||
| <config> | ||
| <firewall> | ||
| <!-- ... --> | ||
| <session-expiration expiration-url="/session-expired"/> | ||
| </firewall> | ||
| </config> | ||
|
|
||
| </srv:container> | ||
|
|
||
| .. code-block:: php | ||
|
|
||
| // app/config/security.php | ||
| $container->loadFromExtension('security', array( | ||
| 'firewalls' => array( | ||
| 'main'=> array( | ||
| // ... | ||
| 'session_expiration' => array( | ||
| 'expiration_url' => '/session-expired', | ||
| ) | ||
| ), | ||
| ), | ||
| )); | ||
|
|
||
| To detect idle sessions, the firewall checks the last used timestamp stored in | ||
| the session metadata bag. Beware that this value could be not as accurate as | ||
| expected if you :doc:`limit metadata writes </cookbook/session/limit_metadata_writes>`. | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sessions (uppercased
s)