Automatic logout #250
Comments
|
Sounds useful, so i've made a Gist. Feel free to modify it in anyway you need. https://gist.github.com/eypsilon/aa0ef898608ff4c441d7d7af94bc6b7b Usage: // the first parameter sets the max lifetime of an session in seconds
(new AutoLogout)->watch(3, '/redirect_to');
// with a callback as closure
(new AutoLogout)->watch(3, null, function($s, $r, $st) {
// custom events
}); |
|
Thanks again, @eypsilon! This looks good. There’s just one thing that I think could be improved: I know this is currently independent of any @dotsensei If you use the solution shared above, make sure that the PHP configuration value If that automatic logout after a given time of inactivity is something more people want, we can (and should) add this directly to this library here. So let’s leave this issue open. |
Since there are many available options for the logout process ( (new AutoLogout)->watch(2, null, function() use($auth) {
// at this point, the session is expired
$auth->logOut();
$auth->destroySession();
});But FULL ACK, this should be part of the library, it just makes sense. And it would be easier to implement, as anything i do. I've written an alternate Class, that can be used instead. It only checks and logs the User out, when the session expires. Everything else can be done, when the method is called. https://gist.github.com/eypsilon/8f3a5934e54367b0f4fdbcab72210c04 if ((new AutoLogout)->watch($auth, 3)) {
// session is expired and destroyed
}
[X] |
|
Thanks! Fully agree with everything you said, and that newer class looks even better. |
|
I was curious so I tested it in the library and it just fits perfectly in it. // in: vendor/delight-im/auth/src/Auth.php
/** @var String session field for users last action time */
const SESSION_FIELD_LAST_ACTION = 'auth_last_action';
/**
* Logs the user automatically out after X seconds. Runs only, when a User is logged in.
*
* @param Int $seconds max lifetime in seconds
* @param Array $run a list with internal methods to run if session is expired, default: ['logOut', 'destroySession']
* @return Bool returns true, if the session is expired
*/
public function autoLogout(Int $seconds, Array $run=['logOut', 'destroySession']): Bool
{
if ($this->check())
if ($l = ($_SESSION[self::SESSION_FIELD_LAST_ACTION] ?? false) AND \time() > $l+$seconds) {
foreach($run as $task)
if (\method_exists($this, $task))
$this->$task();
return true;
} else $_SESSION[self::SESSION_FIELD_LAST_ACTION] = \time();
return false;
}And to use the method, we can call it right after instantiation. And this method should definitely be part of the lib (not necessarily what i've posted, but the functionality in generell), because it's an often used mechanism on Pages with Auth-Services. $auth = new \Delight\Auth\Auth($db);
$auth->autoLogout(3); |
|
It will be something very similar. Either a method call, as you suggested, or a new parameter somewhere. But the thing is, of course, that we might want to allow for detection of automatic logouts, so that you can easily implement your redirect, etc. So the method call with a boolean return value makes a lot of sense. We won’t need the second parameter |
The loop is actually a relic of the previous versions of the class, where the focus was more on the callback functionality. You are right, internally it's not necessary anymore. But to keep it practicable, it should be a method, so we can do stuff like: if ($auth->autoLogout(3)) {
// notify_user | some_custom_stuff | ...
} |
Has anyone implemented an automated logout with this library? I.e. logout if there is no user activity in 15-30 minutes - logout him, and redirecting to the login page. I would appreciate some guidance. Thank you.
The text was updated successfully, but these errors were encountered: