Laravel cookie session lifetime

你说的曾经没有我的故事 submitted on 2020-01-14 22:56:48

Question


I used my Laravel as an OAuth2 client, and I need to keep the token in cookies. So, I set the driver to cookie and kept the default value for lifetime, 120.

When any user checks remember me on login, I tried to change the lifetime with this code:

    $lifetime = time() + 60 * 60 * 24 * 365;// one year
    Config::set('session.lifetime', $lifetime);

But without success. In any other controller I checked the value of lifetime, and every time I get the default value.

    \Log::info(\Config::get('session.lifetime'));

Edit #1:

Is it enough?

    if (Input::has('rememberMe')) {
        $lifetime = time() + 60 * 60 * 24 * 365; // one year
        Session::put('Expires', $lifetime);
    }

Edit #2:

I put the access_token key in the same way as Expires in the example above, like:

    public function signin() {

        /**
         * Code for getting *client_code* and *client_state* from API server
         */

        $access_token = $this->provider->getAccessToken('authorization_code', $form_data);

        // $access_token is an object and contains all data (access_token, refresh_token, expires)
        Session::put('access_token', $access_token);
        Session::put('refresh_token', $access_token->refreshToken);
        Session::put('token_expires', $access_token->expires);

        if (Input::has('rememberMe')) {
            $lifetime = time() + 60 * 60 * 24 * 365; // one year
            Session::put('expires', $lifetime);
        }


        return Response....

    }

This is the 'default' Laravel session (I changed the driver from file to cookie in /app/config/session.php). I know the lifetime should be set in the /app/config/session.php file, but as you can see I need a longer lifetime for the Remember me option.


Answer 1:


Actually when you are setting the value like this in a Controller:

    $lifetime = time() + 60 * 60 * 24 * 365;// one year
    Config::set('session.lifetime', $lifetime);

It's not updating the value in the file, instead it sets it for the current request only (in memory) and when you check the value using this from another Controller/Request like this:

    Config::get('session.lifetime');

You are getting the original value from the file system. It's mentioned in the documentation as given below:

Configuration values that are set at run-time are only set for the current request, and will not be carried over to subsequent requests.




Answer 2:


Since it seems to be OK to use cookies as the session driver in your case, you could set the session lifetime to one year in /app/config/session.php by default and store the expiration date of the cookie along with the token in the session. That would allow you to control artificially the validity of the cookie.

Basically, your signin method could look like this:

    public function signin() {

        /**
         * Code for getting *client_code* and *client_state* from API server
         */

        $access_token = $this->provider->getAccessToken('authorization_code', $form_data);

        // $access_token is an object and contains all data (access_token, refresh_token, expires)
        Session::put('access_token', $access_token);
        Session::put('refresh_token', $access_token->refreshToken);
        Session::put('token_expires', $access_token->expires);

        if (Input::has('rememberMe')) {
            $expires = time() + 60 * 60 * 24 * 365; // one year
        } else {
            $expires = time() + 60 * 60 * 2; // two hours
        }

        Session::put('cookie_expires', $expires);

        return Response....

    }

Then, any time you want to use the access_token, you would check that cookie_expires isn't past first (and if it is, redirect the user to the login page after clearing the session, for example).
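
The check Answer 2 describes, as a framework-free sketch (an added example, not part of the original answers): the plain `$session` array stands in for Laravel's session store, the token is simplified to an array of strings, and the function names, constants and sample values are assumptions. The expiry is enforced in application code on every use of the token, and a missing or malformed `cookie_expires` is treated as expired.

```php
<?php
// Added example, not code from the original post. Key names follow Answer 2;
// function names, constants and sample values are assumptions.

const REMEMBER_TTL = 60 * 60 * 24 * 365; // one year, in seconds
const DEFAULT_TTL  = 60 * 60 * 2;        // two hours, in seconds

/** Build the session contents at sign-in, including the application-level expiry. */
function startSession(array $token, bool $rememberMe, int $now): array
{
    return [
        'access_token'   => $token['access_token'],
        'refresh_token'  => $token['refresh_token'],
        'token_expires'  => $token['expires'],
        'cookie_expires' => $now + ($rememberMe ? REMEMBER_TTL : DEFAULT_TTL),
    ];
}

/**
 * Return the access token while the session is valid, otherwise null.
 * A missing, malformed or past cookie_expires clears the session (fail closed),
 * so the caller can redirect to the login page.
 */
function accessTokenOrNull(array &$session, int $now): ?string
{
    $expires = $session['cookie_expires'] ?? null;
    if (!is_int($expires) || $now >= $expires || !isset($session['access_token'])) {
        $session = [];
        return null;
    }
    return $session['access_token'];
}

// Constructed sample data, not real tokens.
$token = ['access_token' => 'sample-access', 'refresh_token' => 'sample-refresh', 'expires' => 1700003600];
$login = 1700000000;

$short = startSession($token, false, $login);
var_dump(accessTokenOrNull($short, $login + 3600));  // one hour after sign-in
var_dump(accessTokenOrNull($short, $login + 7200));  // two hours after sign-in
var_dump(count($short));                             // session size after the expired check

$remembered = startSession($token, true, $login);
var_dump(accessTokenOrNull($remembered, $login + 86400 * 30)); // thirty days after sign-in

$malformed = ['access_token' => 'sample-access', 'cookie_expires' => 'never'];
var_dump(accessTokenOrNull($malformed, $login));     // non-integer expiry value
```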




Answer 3:


I have no idea where the Session::put('expires', $lifetime); will be used. To me, it seems like a normal cookie variable, not actual lifetime associated with any cookie.

You will need to set the cookie lifetime before your cookies are set, and do it the way that Laravel knows you're setting a new cookie lifetime value.

    public function signin() {

        $access_token = $this->provider->getAccessToken('authorization_code', $form_data);

        if (!$access_token) {
            return Response... // Respond some other way if authentication failed.
        }

        // Check rememberMe first so you can set the right session.lifetime before setting any cookies.
        if (Input::has('rememberMe')) {
            $lifetime = 60 * 24 * 365; // one year; session.lifetime is expressed in minutes
            Config::set('session.lifetime', $lifetime);
        }

        Session::put('access_token', $access_token);
        Session::put('refresh_token', $access_token->refreshToken);
        Session::put('token_expires', $access_token->expires);

        return Response....
    }

I also took the chance to add if (!$access_token) { before setting the cookie since you won't always be authenticating successfully.




Answer 4:


Friends, please use the following function instead of numbers:

    strtotime("+1 year")

It makes more sense for humans.



Source: https://stackoverflow.com/questions/24317313/laravel-cookie-session-lifetime
