Zend\Session & remember me

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Zend\Session & remember me

Brian Gallagher
Hi All,

I'm trying to get sessions to have a long lifespan, so they last for 30
days and persist after the browser is restarted.

My understanding is that this is what the 'remember_me' option is for,
however each time i reopen the browser I get a new session id. Here's my
config :

return array(
    'service_manager' => array(
        'factories' => array(
            'Zend\Session\SessionManager' =>
'Zend\Session\Service\SessionManagerFactory',
            'Zend\Session\Config\ConfigInterface' =>
'Zend\Session\Service\SessionConfigFactory',
        ),
    ),
    'session_config' => array(
        'cookie_lifetime' => $rememberMeSeconds,
        'remember_me_seconds' => $rememberMeSeconds,
        'use_cookies' => true,
        'cookie_httponly' => true,
    ),
);

Thanks for any help

Brian
Reply | Threaded
Open this post in threaded view
|

Re: Zend\Session & remember me

Mike Willbanks
What are you using for a save handler?  By default it will likely utilize
files and you also need to look at the gc settings.  For instance most
sessions are written by default to the tmp directory of the system which
most sysadmins will clear out from time to time.


On Wed, Sep 11, 2013 at 6:35 AM, Brian Gallagher
<[hidden email]>wrote:

> Hi All,
>
> I'm trying to get sessions to have a long lifespan, so they last for 30
> days and persist after the browser is restarted.
>
> My understanding is that this is what the 'remember_me' option is for,
> however each time i reopen the browser I get a new session id. Here's my
> config :
>
> return array(
>     'service_manager' => array(
>         'factories' => array(
>             'Zend\Session\SessionManager' =>
> 'Zend\Session\Service\SessionManagerFactory',
>             'Zend\Session\Config\ConfigInterface' =>
> 'Zend\Session\Service\SessionConfigFactory',
>         ),
>     ),
>     'session_config' => array(
>         'cookie_lifetime' => $rememberMeSeconds,
>         'remember_me_seconds' => $rememberMeSeconds,
>         'use_cookies' => true,
>         'cookie_httponly' => true,
>     ),
> );
>
> Thanks for any help
>
> Brian
>
Reply | Threaded
Open this post in threaded view
|

Re: Zend\Session & remember me

Brian Gallagher
Hi Mike,

I'm just using the default save handler - which I presume is the tmp dir.
This is all local for now.

Regardless, as soon as I close and reopen the browser a new session cookie
is generated.

Brian


On Wed, Sep 11, 2013 at 3:00 PM, Mike Willbanks <[hidden email]> wrote:

> What are you using for a save handler?  By default it will likely utilize
> files and you also need to look at the gc settings.  For instance most
> sessions are written by default to the tmp directory of the system which
> most sysadmins will clear out from time to time.
>
>
> On Wed, Sep 11, 2013 at 6:35 AM, Brian Gallagher <
> [hidden email]> wrote:
>
>> Hi All,
>>
>> I'm trying to get sessions to have a long lifespan, so they last for 30
>> days and persist after the browser is restarted.
>>
>> My understanding is that this is what the 'remember_me' option is for,
>> however each time i reopen the browser I get a new session id. Here's my
>> config :
>>
>> return array(
>>     'service_manager' => array(
>>         'factories' => array(
>>             'Zend\Session\SessionManager' =>
>> 'Zend\Session\Service\SessionManagerFactory',
>>             'Zend\Session\Config\ConfigInterface' =>
>> 'Zend\Session\Service\SessionConfigFactory',
>>         ),
>>     ),
>>     'session_config' => array(
>>         'cookie_lifetime' => $rememberMeSeconds,
>>         'remember_me_seconds' => $rememberMeSeconds,
>>         'use_cookies' => true,
>>         'cookie_httponly' => true,
>>     ),
>> );
>>
>> Thanks for any help
>>
>> Brian
>>
>
>


--
 Brian

 tel: +353 (0)864008052
 email: [hidden email]
 skype: gallagherbrian
Reply | Threaded
Open this post in threaded view
|

Re: Zend\Session & remember me

Mike Willbanks
Ok I think I understand where you are going with this.

You will likely have a few areas that you need to check into here:
1. session.gc_maxlifetime - the default which is common in PHP is 1440
seconds.  You may also want to set this to the remember me seconds.

When you use long-running sessions; it is expected behavior for the session
id to be regenerated.  But this is just an id and we are not clearing out
the session entirely.  Are you calling destory() on the session manager
anywhere?  This would also cause for the removal of the session cookie.

The first thing to look at is introspect the cookie after you have gone to
the page; this will allow you to start to see where things are going wrong.
 There may be that you are missing a configuration value or had mis-typed
the value.

Regards,

Mike


On Wed, Sep 11, 2013 at 7:04 AM, Brian Gallagher
<[hidden email]>wrote:

> Hi Mike,
>
> I'm just using the default save handler - which I presume is the tmp dir.
> This is all local for now.
>
> Regardless, as soon as I close and reopen the browser a new session cookie
> is generated.
>
> Brian
>
>
> On Wed, Sep 11, 2013 at 3:00 PM, Mike Willbanks <[hidden email]> wrote:
>
>> What are you using for a save handler?  By default it will likely utilize
>> files and you also need to look at the gc settings.  For instance most
>> sessions are written by default to the tmp directory of the system which
>> most sysadmins will clear out from time to time.
>>
>>
>> On Wed, Sep 11, 2013 at 6:35 AM, Brian Gallagher <
>> [hidden email]> wrote:
>>
>>> Hi All,
>>>
>>> I'm trying to get sessions to have a long lifespan, so they last for 30
>>> days and persist after the browser is restarted.
>>>
>>> My understanding is that this is what the 'remember_me' option is for,
>>> however each time i reopen the browser I get a new session id. Here's my
>>> config :
>>>
>>> return array(
>>>     'service_manager' => array(
>>>         'factories' => array(
>>>             'Zend\Session\SessionManager' =>
>>> 'Zend\Session\Service\SessionManagerFactory',
>>>             'Zend\Session\Config\ConfigInterface' =>
>>> 'Zend\Session\Service\SessionConfigFactory',
>>>         ),
>>>     ),
>>>     'session_config' => array(
>>>         'cookie_lifetime' => $rememberMeSeconds,
>>>         'remember_me_seconds' => $rememberMeSeconds,
>>>         'use_cookies' => true,
>>>         'cookie_httponly' => true,
>>>     ),
>>> );
>>>
>>> Thanks for any help
>>>
>>> Brian
>>>
>>
>>
>
>
> --
>  Brian
>
>  tel: +353 (0)864008052
>  email: [hidden email]
>  skype: gallagherbrian
>
Reply | Threaded
Open this post in threaded view
|

Re: Zend\Session & remember me

Brian Gallagher
The only cookie being set is the PHPSESSID which expires when the browser is closed. 



Should there be a second cookie containing the long life session id? Am I barking up the wrong tree?


On Wed, Sep 11, 2013 at 3:47 PM, Mike Willbanks <[hidden email]> wrote:
Ok I think I understand where you are going with this.

You will likely have a few areas that you need to check into here:
1. session.gc_maxlifetime - the default which is common in PHP is 1440 seconds.  You may also want to set this to the remember me seconds.

When you use long-running sessions; it is expected behavior for the session id to be regenerated.  But this is just an id and we are not clearing out the session entirely.  Are you calling destory() on the session manager anywhere?  This would also cause for the removal of the session cookie.

The first thing to look at is introspect the cookie after you have gone to the page; this will allow you to start to see where things are going wrong.  There may be that you are missing a configuration value or had mis-typed the value.

Regards,

Mike


On Wed, Sep 11, 2013 at 7:04 AM, Brian Gallagher <[hidden email]> wrote:
Hi Mike,

I'm just using the default save handler - which I presume is the tmp dir. This is all local for now.

Regardless, as soon as I close and reopen the browser a new session cookie is generated.

Brian


On Wed, Sep 11, 2013 at 3:00 PM, Mike Willbanks <[hidden email]> wrote:
What are you using for a save handler?  By default it will likely utilize files and you also need to look at the gc settings.  For instance most sessions are written by default to the tmp directory of the system which most sysadmins will clear out from time to time.  


On Wed, Sep 11, 2013 at 6:35 AM, Brian Gallagher <[hidden email]> wrote:
Hi All,

I'm trying to get sessions to have a long lifespan, so they last for 30
days and persist after the browser is restarted.

My understanding is that this is what the 'remember_me' option is for,
however each time i reopen the browser I get a new session id. Here's my
config :

return array(
    'service_manager' => array(
        'factories' => array(
            'Zend\Session\SessionManager' =>
'Zend\Session\Service\SessionManagerFactory',
            'Zend\Session\Config\ConfigInterface' =>
'Zend\Session\Service\SessionConfigFactory',
        ),
    ),
    'session_config' => array(
        'cookie_lifetime' => $rememberMeSeconds,
        'remember_me_seconds' => $rememberMeSeconds,
        'use_cookies' => true,
        'cookie_httponly' => true,
    ),
);

Thanks for any help

Brian




--
 Brian

 tel: <a href="tel:%2B353%20%280%29864008052" value="+353864008052" target="_blank">+353 (0)864008052
 email: [hidden email]
 skype: gallagherbrian




--
 Brian

 tel: +353 (0)864008052
 email: [hidden email]
 skype: gallagherbrian