Session cookie and persisten cookie in Magento

1
votes

I've searched around for a good answer to this question and found none. Basically I need my Magento users to be automatically logged out after 15 minutes or after they close the browser. Very simple issue but no definitive answer so far. I know when the lifetime is 0, cookie becomes a session cookie and will be expired after the browser is closed. When lifetime is >0 then cookie becomes a persistent cookie that will be expired after certain time. The problem is how to meet both conditions perfectly.

In Mage_Core_Model_Session_Abstract_Varien::start(), there is this code:

    $cookieParams = array(
        'lifetime' => $cookie->getLifetime(),
        'path'     => $cookie->getPath(),
        'domain'   => $cookie->getConfigDomain(),
        'secure'   => $cookie->isSecure(),
        'httponly' => $cookie->getHttponly()
    );
    ...
    call_user_func_array('session_set_cookie_params', $cookieParams);
    ...
    session_start();

From this code, there is no way that I can modify to create 2 sessions (one with 0 lifetime, the other with 900 lifetime) per user access.

I also tried to modify the Mage_Core_Controller_Varien_Action::preDispatch() to instantiate 2 sessions per user access, but it doesn't work.

Is there a way to make Magento users log out after 15 minutes and after closing the browser?

session.gc_maxlifetime is 86400, session.gc_probability is 1, session.gc_divisor is 100.

1
magento

1 Answers

1
votes

It should be simple enough to do this, assuming visitor logging is enabled so that last visit time is getting stored in their core session. I will assume that you can create or modify a Magento extension so that I don’t have to walk you through those steps.

Create an observer on the <controller_action_predispatch> event in your extension’s config.xml. It should look something like this:

<?xml version="1.0"?>
<config>
    <frontend>
        <events>
            <controller_action_predispatch>
                <observers>
                    <logoutInactive>
                        <class>My_MyExtension_Model_Observer</class>
                        <method>logoutInactive</method>
                    </logoutInactive>
                </observers>
            </controller_action_predispatch>
        </events>
    </frontend>
</config>

In the Observer.php file your method should look something like this:

class My_MyExtension_Model_Observer
{
    public function logoutInactive(Varien_Event_Observer $observer)
    {
        $session = Mage::getSingleton('customer/session');
        if ($session->isLoggedIn()) {
            $lastVisit = Mage::getSingleton('log/visitor')->getLastVisitAt();
            $timeout = Mage::getModel('core/date')->date('Y-m-d H:i:s', '15 minutes ago');
            if ($lastVisit < $timeout) {
                $session->logout();
            }
        }
        return $this;
    }
}

You will also want to make sure your observer fires after Mage_Log_Model_Visitor::initByRequest since this will initialize the visitor log that your observer will make use of during the same event. This shouldn’t be a problem, but declaring this dependency should ensure your observer gets called later. In your module’s definition (i.e. app/etc/modules/My_MyExtension.xml):

<?xml version="1.0"?>
<config>
    <modules>
        <My_MyExtension>
            <active>true</active>
            <codePool>local</codePool>
            <depends>
                <Mage_Log/>
            </depends>
        </My_MyExtension>
    </modules>
</config>