Quantcast
Zend Framework Community ZF Contributor

My session doesn't expire

classic Classic list List threaded Threaded
8 messages Options
rwrz
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

My session doesn't expire

rwrz
Hello guys,

I have implemented a Auth using this piece of code on Module.php:

    public function getServiceConfig()
    {
        return array(
            'factories' => array (
                'Auth' => function($sm) {
                    $auth = new \Zend\Authentication\AuthenticationService();
                    $sessionContainer = new \Zend\Session\Container('System_Auth');
                    $sessionContainer->setExpirationSeconds(10);
                    $auth->setStorage(new \Zend\Authentication\Storage\Session(' System_Auth '));
                    return $auth;
                }
            ),
        );
    }

But my session never expire, what I'm doing wrong?
On ZF1 this was working very well.

Thanks,

Rodrigo
weierophinney
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: My session doesn't expire

weierophinney
Administrator
-- Rodrigo Picinin - RWRZ <[hidden email]> wrote
(on Wednesday, 15 August 2012, 06:45 PM -0300):

> I have implemented a Auth using this piece of code on Module.php:
>
>
>         public function getServiceConfig()
>         {
>             return array(
>                 'factories' => array (
>                     'Auth' => function($sm) {
>                         $auth = new \Zend\Authentication\AuthenticationService
>     ();
>                         $sessionContainer = new \Zend\Session\Container
>     ('System_Auth');
>                         $sessionContainer->setExpirationSeconds(10);
>                         $auth->setStorage(new \Zend\Authentication\Storage\
>     Session(' System_Auth '));
>                         return $auth;
>                     }
>                 ),
>             );
>         }
>
>
> But my session never expire, what I'm doing wrong?

Are you accessing the Auth service anywhere in your code? Otherwise, the
above code will never run...

--
Matthew Weier O'Phinney
Project Lead            | [hidden email]
Zend Framework          | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
EvanDotPro
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: My session doesn't expire

EvanDotPro
In reply to this post by rwrz
On Wed, Aug 15, 2012 at 2:45 PM, Rodrigo Picinin - RWRZ
<[hidden email]> wrote:

> Hello guys,
>
> I have implemented a Auth using this piece of code on Module.php:
>
>>     public function getServiceConfig()
>>     {
>>         return array(
>>             'factories' => array (
>>                 'Auth' => function($sm) {
>>                     $auth = new
>> \Zend\Authentication\AuthenticationService();
>>                     $sessionContainer = new
>> \Zend\Session\Container('System_Auth');
>>                     $sessionContainer->setExpirationSeconds(10);
>>                     $auth->setStorage(new
>> \Zend\Authentication\Storage\Session(' System_Auth '));
>>                     return $auth;
>>                 }
>>             ),
>>         );
>>     }
>
>
> But my session never expire, what I'm doing wrong?
> On ZF1 this was working very well.

Could it perhaps be that this factory is being called for every
request, and thus resetting the expiration seconds to 10 every time? I
recall a similar bug when using setExpirationHops() with Zend\Di quite
a while ago, but I'm not sure if it affects setExpirationSeconds()
too.

--
Evan Coury
rwrz
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: My session doesn't expire

rwrz
Are you accessing the Auth service anywhere in your code? Otherwise, the
above code will never run...

Yes, I'm using it on other places on my code.

Could it perhaps be that this factory is being called for every
request, and thus resetting the expiration seconds to 10 every time? I
recall a similar bug when using setExpirationHops() with Zend\Di quite
a while ago, but I'm not sure if it affects setExpirationSeconds()
too.

And yes, I think this is happening. But it shouldnt... 

If I set this to expire in 10 seconds, I need to loose everything on the session in 10 seconds. So, if I refresh my website (after 10 secs), this should be expired and a new one will be created with 10 secs again, but without information. This isnt happening.

Any idea?

Thanks,

Rodrigo


On Wed, Aug 15, 2012 at 7:43 PM, Evan Coury <[hidden email]> wrote:
On Wed, Aug 15, 2012 at 2:45 PM, Rodrigo Picinin - RWRZ
<[hidden email]> wrote:
> Hello guys,
>
> I have implemented a Auth using this piece of code on Module.php:
>
>>     public function getServiceConfig()
>>     {
>>         return array(
>>             'factories' => array (
>>                 'Auth' => function($sm) {
>>                     $auth = new
>> \Zend\Authentication\AuthenticationService();
>>                     $sessionContainer = new
>> \Zend\Session\Container('System_Auth');
>>                     $sessionContainer->setExpirationSeconds(10);
>>                     $auth->setStorage(new
>> \Zend\Authentication\Storage\Session(' System_Auth '));
>>                     return $auth;
>>                 }
>>             ),
>>         );
>>     }
>
>
> But my session never expire, what I'm doing wrong?
> On ZF1 this was working very well.

Could it perhaps be that this factory is being called for every
request, and thus resetting the expiration seconds to 10 every time? I
recall a similar bug when using setExpirationHops() with Zend\Di quite
a while ago, but I'm not sure if it affects setExpirationSeconds()
too.

--
Evan Coury
rwrz
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: My session doesn't expire

rwrz
Anyone? Should I open a BUG ?

On Wed, Aug 15, 2012 at 9:30 PM, Rodrigo Picinin - RWRZ <[hidden email]> wrote:
Are you accessing the Auth service anywhere in your code? Otherwise, the
above code will never run...

Yes, I'm using it on other places on my code.

Could it perhaps be that this factory is being called for every
request, and thus resetting the expiration seconds to 10 every time? I
recall a similar bug when using setExpirationHops() with Zend\Di quite
a while ago, but I'm not sure if it affects setExpirationSeconds()
too.

And yes, I think this is happening. But it shouldnt... 

If I set this to expire in 10 seconds, I need to loose everything on the session in 10 seconds. So, if I refresh my website (after 10 secs), this should be expired and a new one will be created with 10 secs again, but without information. This isnt happening.

Any idea?

Thanks,

Rodrigo


On Wed, Aug 15, 2012 at 7:43 PM, Evan Coury <[hidden email]> wrote:
On Wed, Aug 15, 2012 at 2:45 PM, Rodrigo Picinin - RWRZ
<[hidden email]> wrote:
> Hello guys,
>
> I have implemented a Auth using this piece of code on Module.php:
>
>>     public function getServiceConfig()
>>     {
>>         return array(
>>             'factories' => array (
>>                 'Auth' => function($sm) {
>>                     $auth = new
>> \Zend\Authentication\AuthenticationService();
>>                     $sessionContainer = new
>> \Zend\Session\Container('System_Auth');
>>                     $sessionContainer->setExpirationSeconds(10);
>>                     $auth->setStorage(new
>> \Zend\Authentication\Storage\Session(' System_Auth '));
>>                     return $auth;
>>                 }
>>             ),
>>         );
>>     }
>
>
> But my session never expire, what I'm doing wrong?
> On ZF1 this was working very well.

Could it perhaps be that this factory is being called for every
request, and thus resetting the expiration seconds to 10 every time? I
recall a similar bug when using setExpirationHops() with Zend\Di quite
a while ago, but I'm not sure if it affects setExpirationSeconds()
too.

--
Evan Coury
EvanDotPro
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: My session doesn't expire

EvanDotPro
In reply to this post by rwrz
On Wed, Aug 15, 2012 at 5:30 PM, Rodrigo Picinin - RWRZ
<[hidden email]> wrote:

>> Are you accessing the Auth service anywhere in your code? Otherwise, the
>> above code will never run...
>
>
> Yes, I'm using it on other places on my code.
>
>> Could it perhaps be that this factory is being called for every
>> request, and thus resetting the expiration seconds to 10 every time? I
>> recall a similar bug when using setExpirationHops() with Zend\Di quite
>> a while ago, but I'm not sure if it affects setExpirationSeconds()
>> too.
>
>
> And yes, I think this is happening. But it shouldnt...

Yep, if it's the bug I mentioned, it needs to be fixed for both expiry
hops and seconds. You should file an issue, or better yet, see if you
can get it fixed and submit a pull request. Unfortunately things like
that are very difficult to accurately write tests for their behavior.

--
Evan Coury
rwrz
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: My session doesn't expire

rwrz
Well,

I have fixed this problem with one line:

        $this->expireKeys();

Just add this line on the __construct of the Zend\Session\Container. Like this:


    public function __construct($name = 'Default', Manager $manager = null)
    {
        if (!preg_match('/^[a-z][a-z0-9_\\\]+$/i', $name)) {
            throw new Exception\InvalidArgumentException(
                'Name passed to container is invalid; must consist of alphanumerics, backslashes and underscores only'
            );
        }
        $this->name = $name;
        $this->setManager($manager);

        // Create namespace
        parent::__construct(array(), ArrayObject::ARRAY_AS_PROPS);

        // Start session
        $this->getManager()->start();

        $this->expireKeys();
    }

How should I report this?

Thanks,

Rodrigo


On Thu, Aug 16, 2012 at 2:53 PM, Evan Coury <[hidden email]> wrote:
On Wed, Aug 15, 2012 at 5:30 PM, Rodrigo Picinin - RWRZ
<[hidden email]> wrote:
>> Are you accessing the Auth service anywhere in your code? Otherwise, the
>> above code will never run...
>
>
> Yes, I'm using it on other places on my code.
>
>> Could it perhaps be that this factory is being called for every
>> request, and thus resetting the expiration seconds to 10 every time? I
>> recall a similar bug when using setExpirationHops() with Zend\Di quite
>> a while ago, but I'm not sure if it affects setExpirationSeconds()
>> too.
>
>
> And yes, I think this is happening. But it shouldnt...

Yep, if it's the bug I mentioned, it needs to be fixed for both expiry
hops and seconds. You should file an issue, or better yet, see if you
can get it fixed and submit a pull request. Unfortunately things like
that are very difficult to accurately write tests for their behavior.

--
Evan Coury
EvanDotPro
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: My session doesn't expire

EvanDotPro
On Thu, Aug 16, 2012 at 11:27 AM, Rodrigo Picinin - RWRZ
<[hidden email]> wrote:

> Well,
>
> I have fixed this problem with one line:
>
>         $this->expireKeys();
>
> Just add this line on the __construct of the Zend\Session\Container. Like
> this:
>
>
>>>     public function __construct($name = 'Default', Manager $manager =
>>> null)
>>>
>>>     {
>>>
>>>         if (!preg_match('/^[a-z][a-z0-9_\\\]+$/i', $name)) {
>>>
>>>             throw new Exception\InvalidArgumentException(
>>>
>>>                 'Name passed to container is invalid; must consist of
>>> alphanumerics, backslashes and underscores only'
>>>
>>>             );
>>>
>>>         }
>>>
>>>         $this->name = $name;
>>>
>>>         $this->setManager($manager);
>>>
>>>
>>>         // Create namespace
>>>
>>>         parent::__construct(array(), ArrayObject::ARRAY_AS_PROPS);
>>>
>>>
>>>         // Start session
>>>
>>>         $this->getManager()->start();
>>>
>>>
>>>         $this->expireKeys();
>>>
>>>     }
>
>
> How should I report this?

Does this also solve the max hops bug? If so, awesome. Definitely
submit a pull request, and if you can figure out a way, write a unit
test that fails without this fix, and passes with it.

--
Evan Coury
Loading...
Powered by Nabble Edit this page