How to update a session during a POST request?

I am creating an Ajax application in Symfony2 where the user is logged in, and then everything is handled by POST requests from now on. After determining the session lifetime to 5 minutes in config.yml I ran into the problem of invalidating the user session after 5 minutes, even if they make POST requests. Every time a request is made, I would like to reset the countdown before the session is invalid, but I'm not sure how to do this efficiently.

The method I'm thinking of now is to write a listener for the kernel.request event, checking if the request method is POST and manipulating the session class. I haven't done this yet, but this doesn't seem like a clean solution, as the listener needs to shoot every time a request is made.

Here is my session configuration:

    session:
        default_locale: %locale%
        auto_start: true
        lifetime: 300

Any ideas? Is the solution simple PHP, not Symfony?

+6
2 answers

Session lifetime is the maximum age. This is controlled by the already created cookie, which is no longer updated by the server (since the session is already established). You can simply refresh this cookie manually, and I think it will do it with Symfony2.

Probably the easiest way is to restore the session identifier without destroying the session:

 $this->get('session')->migrate(); 

This should trigger an update in the session cookie.

+9

To explain everything that is ready here, here is a complete working example registered as a kernel request listener. In this example, I programmed a timeout of 1200 seconds (20 minutes). You can transfer the amount of time from the parameters.yml file (which I did during the production process):

    #src\My\AppBundle\Resources\config\services.yml
    kernel_request.listener:
        class: My\AppBundle\EventListener\KernelRequestListener
        tags:
            - { name: kernel.event_listener, event: kernel.request, method: onKernelRequest }
        arguments: [@security.context, 1200]

And the class:

    <?php
    # Place in your src\My\AppBundle\EventListener folder
    namespace My\AppBundle\EventListener {

        use Symfony\Component\HttpKernel\Event\GetResponseEvent;
        use Symfony\Component\HttpKernel\HttpKernel;
        use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
        use Symfony\Component\Security\Core\Exception\CredentialsExpiredException;
        use Symfony\Component\Security\Core\SecurityContextInterface;

        class KernelRequestListener
        {
            /** @var int Maximum idle time in seconds */
            private $maxIdleTime;

            /** @var SecurityContextInterface */
            private $securityContext;

            public function __construct(SecurityContextInterface $securityContext, $maxIdleTime)
            {
                $this->securityContext = $securityContext;
                $this->maxIdleTime = $maxIdleTime;
            }

            public function onKernelRequest(GetResponseEvent $event)
            {
                if ($event->getRequestType() !== HttpKernel::MASTER_REQUEST) {
                    // don't do anything if it is not the master request
                    return;
                }

                $session = $event->getRequest()->getSession();
                $token = $this->securityContext->getToken();

                // $token is null when no token has been set for this request
                if ($session !== null && $token !== null
                    && !($token instanceof AnonymousToken) && $token->isAuthenticated()) {
                    $session->start();

                    // Reject the request if the session has been idle for too long
                    if ((time() - $session->getMetadataBag()->getLastUsed()) > $this->maxIdleTime) {
                        throw new CredentialsExpiredException();
                    }

                    // Regenerate the session id and re-issue the cookie with a fresh lifetime
                    $session->migrate(false, $this->maxIdleTime);
                }
            }
        }
    }
+1
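
The question also asks whether this can be done in plain PHP. The following is an added example, not code from either answer: it enforces the idle timeout on the server and re-sends the session cookie with a fresh expiry on every request. The names `touchSession`, `MAX_IDLE` and the `last_used` session key are assumptions made for this example, and it needs PHP 7.3 or later for the `setcookie()` options array.

```php
<?php
// Added example: sliding idle timeout in plain PHP.
// MAX_IDLE and the 'last_used' session key are names assumed for this example.
const MAX_IDLE = 300; // seconds, same value as "lifetime: 300" in the question

// Keep server-side session data for at least the idle window,
// and refuse session ids the server did not issue.
ini_set('session.gc_maxlifetime', (string) MAX_IDLE);
ini_set('session.use_strict_mode', '1');

/**
 * Returns true if the session is still valid (and extends it),
 * false if it was idle for too long and has been destroyed.
 */
function touchSession(int $maxIdle, int $now): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    $lastUsed = $_SESSION['last_used'] ?? null;
    if ($lastUsed !== null && ($now - $lastUsed) > $maxIdle) {
        // The server decides: a client can keep sending a cookie past its expiry.
        $_SESSION = [];
        session_destroy();
        return false;
    }

    $_SESSION['last_used'] = $now;

    // Re-send the session cookie so the browser's countdown restarts.
    $p = session_get_cookie_params();
    setcookie(session_name(), session_id(), [
        'expires'  => $now + $maxIdle,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => true,
        'samesite' => $p['samesite'] !== '' ? $p['samesite'] : 'Lax',
    ]);
    return true;
}

if (!touchSession(MAX_IDLE, time())) {
    http_response_code(401); // the Ajax client should send the user back to login
    exit;
}
```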

Source: https://habr.com/ru/post/904359/
