1

First of all, I've been looking around for informations about this but it was all about Symfony 1.x or even more confusing...

Environment

  • Symfony 2.3
  • FOSUserBundle + Custom User entity

Problem

In the web site I'm developing I would like user session to end (= have to log in again) either when they close their browser or after 2 hours.

In the Symfony2 documentation they say that the default timeout is set with the parameter "framework.session.cookie_lifetime" of the config.yml, and that its default value is 0 which means that the session expires when the user closes his browser.

Those options are still on default in my configuration file, but when I a open a session and then close the browser, if I reopen it and go to the website I'm still logged in... So that's where I started getting confused... I tried to force the cookie_lifetime value to 0, but it's the same.

The config.yml with the cookie_lifetime option setted :

framework:
    translator: {fallback: %locale%}
    secret: %secret%
    default_locale: "%locale%"
    trusted_proxies: ~
    session:
      cookie_lifetime: 0
    fragments: ~
    http_method_override: true

Do you have any idea why this behavior ?

Improve this question

1 Answer 1

Reset to default
1

Usually browsers don't end a session if you keep the tab open — even if you restart the browser.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

You mean that if there is only one tab open in my browser and I close the browser, it won't end the session ? What if I have multiple tabs open and I juste close the one with my web site. Is it supposed to end the session ?
Depends on the browser and whether it reopens tabs from the previous session when you restart it.
Well I tried several conditions in Firefox and the session is never ended. Closing the tab and browser works on Chrome though. I don't like when things are not regular...
As you can see, it's browser specific. I wouldn't bother with this. I'd set the session cookie config to default and set up the Remember Me feature to remember the user for 2 hours.
Hi again, I tried to set the remember me like on the link you provided but it doesn't work. When I log in I can see the REMEMBERME cookie in the browser options and it is set to now + 2hours (and the PHPSESSID is still there with 'session lifetime') but if I close the browser and come back to the website, I'm not logged anymore.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.