How to detect session timeout in Symfony

0
votes

I'm currently working on a project with the PHP framework Symfony. I've configured secured pages, defined 30 minutes for the session timeout and set the page where the user should be redirect if an unauthenticated user tries to access a secured page.

I've remarked that the user is also redirected there if the user tries to access a secured page after the user's session has expired. In this case, I would like to display a message basically saying that "Your session has expired. Please reconnect."

How could I achieve this?

2
phpsessionsymfony1timeout

2 Answers

2
votes

You can set a cookie on each successful authentication. Then, if the session is empty, but the cookie is present, you say "Session expired".

Another, uglier way, which will work even with cookies disabled: always add the session ID to the URL. Then, again, if it's present in the URL, but the session is empty, we're in the expiration situation.

1
votes

Much easier is checking for myUser->timedout.

http://trac.symfony-project.org/changeset/1722

Symfony 1.4 does not have this method, but you can create it:

class myUser extends sfBasicSecurityUser
{
   // ...   
   public function getTimedOut() 
   {
       return $this->timedout;
   }
   // ...
}

The attribute timedout is filled correctly.

Then check for its value in your template:

<?php if($sf_user->getTimedOut()) : ?>
    <div class="error">Session timeout...</div>
<?php endif ?>