问题
How can I set session expiration time dynamically in codeigniter?
For example, if a user logs in and has the role of admin
, the expiration time should be longer than if a user logs in who does not have an admin
role.
Thanks.
回答1:
You can update your session expiration time by increasing this variable in config file:
$config['sess_expiration'] = 'somevalue'.
Set $config['sess_expiration'] = 0
, if you want it to never expire.
Here's a good discussion on CI forums:
Dynamically set configuration on session expire doesn’t work
回答2:
$data = array(
'username' => $this->input->post('username'),
'ADMIN_is_logged_in' => true
);
$this->session->sess_expiration = '14400';// expires in 4 hours
$this->session->set_userdata($data);// set session
回答3:
None of these solutions address doing this dynamically or require another variable to be added to the session. The solution I came up with for CI 3.0.4 is to extend Session.php.
Create file
application/libraries/Session/MY_Session.php
Put the following into the file and modify for your logic of setting the
$expiration
variable. In my case I am pulling the value from a database. NOTE: If you have different expiration values per user type; there is a chance they could get garbage collected and expire unexpectedly due to different expirations with the same session. In this case I do NOT recommend this approach.<?php class MY_Session extends CI_Session { public function __construct(array $params = array()) { parent::__construct($params); } /** * Configuration * * Handle input parameters and configuration defaults * * @param array &$params Input parameters * @return void */ protected function _configure(&$params) { $CI =& get_instance(); $phppos_session_expiration = NULL; $CI->db->from('app_config'); $CI->db->where("key", "phppos_session_expiration"); $row = $CI->db->get()->row_array(); if (!empty($row)) { if (is_numeric($row['value'])) { $phppos_session_expiration = (int)$row['value']; } } $expiration = $phppos_session_expiration !== NULL ? $phppos_session_expiration : config_item('sess_expiration'); if (isset($params['cookie_lifetime'])) { $params['cookie_lifetime'] = (int) $params['cookie_lifetime']; } else { $params['cookie_lifetime'] = ( ! isset($expiration) && config_item('sess_expire_on_close')) ? 0 : (int) $expiration; } isset($params['cookie_name']) OR $params['cookie_name'] = config_item('sess_cookie_name'); if (empty($params['cookie_name'])) { $params['cookie_name'] = ini_get('session.name'); } else { ini_set('session.name', $params['cookie_name']); } isset($params['cookie_path']) OR $params['cookie_path'] = config_item('cookie_path'); isset($params['cookie_domain']) OR $params['cookie_domain'] = config_item('cookie_domain'); isset($params['cookie_secure']) OR $params['cookie_secure'] = (bool) config_item('cookie_secure'); session_set_cookie_params( $params['cookie_lifetime'], $params['cookie_path'], $params['cookie_domain'], $params['cookie_secure'], TRUE // HttpOnly; Yes, this is intentional and not configurable for security reasons ); if (empty($expiration)) { $params['expiration'] = (int) ini_get('session.gc_maxlifetime'); } else { $params['expiration'] = (int) $expiration; ini_set('session.gc_maxlifetime', $expiration); } $params['match_ip'] = (bool) (isset($params['match_ip']) ? $params['match_ip'] : config_item('sess_match_ip')); isset($params['save_path']) OR $params['save_path'] = config_item('sess_save_path'); $this->_config = $params; // Security is king ini_set('session.use_trans_sid', 0); ini_set('session.use_strict_mode', 1); ini_set('session.use_cookies', 1); ini_set('session.use_only_cookies', 1); ini_set('session.hash_function', 1); ini_set('session.hash_bits_per_character', 4); } }
回答4:
You can handle this with a custom controller. When a user logs in, set a session variable with the time of login. Create custom controller that contains a function in the constructor to check if the user is not admin user and if the timeout has expired. If it has, call $this->session->destroy(); Now, make all your controllers extend that controller instead of the CI base controller.
回答5:
Session will expire in 10 seconds
$config['sess_expiration']= 10;
Session will not expire
$config['sess_expiration']= 0;
回答6:
use something like this:
$user_type = $this->input->post('user_type');
if ($user_type == 'admin')
{
//set session to non-expiring
$this->session->sess_expiration = '32140800'; //~ one year
$this->session->sess_expire_on_close = 'false';
}
else
{
//set session expire time, after that user should login again
$this->session->sess_expiration = '1800'; //30 Minutes
$this->session->sess_expire_on_close = 'true';
}
//set session and go to Dashboard or Admin Page
$this->session->set_userdata(array(
'id' => $result[0]['id'],
'username' => $result[0]['username']
));
回答7:
In your login functionality just after user credentials have been verified you can check if user is admin and set different sessions accordingly. Something along these lines
<?php
/*
*Assuming user is successfully veriefied and you've verified id user is admin*/
if($isAdmin==true){
$this->session->sess_expiration = 14400; // 4 Hours
}else{
// For ordinary users
$this->session->sess_expiration = 1800; // 30 minutes
}
$this->session->sess_expire_on_close = FALSE;
回答8:
At codeigniter go to applications/config.php and find the below configuration.
$config['sess_expiration'] = 14400; //in seconds
回答9:
You can solve the session issue by replacing this:
$config['sess_use_database'] = TRUE;
$config['sess_encrypt_cookie'] = TRUE;
with this:
$config['sess_use_database'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
来源:https://stackoverflow.com/questions/7005808/set-session-expiration-time-manually-codeigniter