I ran into a problem: when a user is idle for more than 24 hours (my session timeout) or leaves the site and then returns after 24 hours, they do not log out, but their session expires, or at least their _token is no longer valid.
This leads to unwanted behavior, as the user submits the form after their expiration, and now they receive TokenMismatchException.
Locally, it seems that when the downtime exceeds the session lifetime, the user logs out, but this is not the case in production on a real server: the downtime can exceed the session lifetime, and yet the user is still logged in; Auth::check() and Auth::user() work as expected if the user is logged in.
What can cause a user not to log out even if their session has expired?
Is there a way to verify that the session has expired, and then I can manually register the user with a message asking them to return to it?
I tried using an App::before filter to check the last_activity in the session and determine if it expired, but after the session expired, I no longer have access to it, since it was deleted from the database, so I cannot compare timestamps to determine whether I need to manually log out and request a re-login.
My session configuration:
'driver' => 'database',
'lifetime' => 1440,
'expire_on_close' => false,
Thanks.