
PHP Session, cookie lifetime

Open jsolowiej opened this issue 4 months ago • 2 comments

Hi, I followed the session implementation from your book. As far as I can see, you set up the session cookie in this way:

session_set_cookie_params($lifetime, $path, $domain, $secure, $httponly); < PhpSession.php

so that the session expires after $lifetime, regardless of whether the user performs some action in the meantime. What if we would like the session to expire only after one hour of user inactivity? We would need to update the expiration date/time after each action within the session timeout, something like:

setcookie(session_name(),session_id(),time()+$lifetime);

What would be the best way to implement this feature?

jsolowiej, Oct 18 '25 09:10

Looks like adding an extra middleware (that sets a new cookie file) to the container:

SessionRefreshLifetimeMiddleware::class => function (ContainerInterface $container) {
    $settings = $container->get('settings');
    return new SessionRefreshLifetimeMiddleware($container->get(SessionInterface::class), $settings);
},

adding it to the middleware stack:

// Refresh session cookie lifetime
$app->add(SessionRefreshLifetimeMiddleware::class);

// Start the session
$app->add(SessionStartMiddleware::class);

works perfectly fine.

Proposal: add this feature to the SessionStartMiddleware. Adding a setting parameter (bool)$refreshLifeTime would make sense.

jsolowiej, Oct 18 '25 10:10

Thank you for your investigation and feedback. You are welcome to create a PR. :-)

odan, Oct 18 '25 11:10
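
A sketch of what a refresh middleware like the one discussed in this thread could look like, added here as an example and not the code from the comments or from the slim4-tutorial project. It re-sends the session cookie with a new expiry on each request, copying path, domain, Secure, HttpOnly and SameSite from session_get_cookie_params(), and also enforces the idle timeout on the server, because the cookie expiry alone is under the client's control. Assumptions: PHP 8, native PHP sessions already started by SessionStartMiddleware, a constructor that takes only the idle timeout in seconds, and the hypothetical `_last_activity` session key and `App\Middleware` namespace.

```php
<?php
declare(strict_types=1);

namespace App\Middleware; // assumed namespace

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;

// Hypothetical idle-timeout middleware built on native PHP session functions.
final class SessionRefreshLifetimeMiddleware implements MiddlewareInterface
{
    public function __construct(private int $lifetime) {} // idle timeout in seconds

    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            return $handler->handle($request); // nothing to refresh
        }

        $now = time();
        $last = (int)($_SESSION['_last_activity'] ?? $now);

        // Server-side check: a client can keep or replay an expired cookie,
        // so an idle session is emptied and given a new ID here as well.
        if ($now - $last > $this->lifetime) {
            $_SESSION = [];
            session_regenerate_id(true);
        }
        $_SESSION['_last_activity'] = $now;

        // Re-issue the cookie with the attributes set via session_set_cookie_params().
        // A bare setcookie(name, id, expires) would drop Secure, HttpOnly and SameSite.
        $params = session_get_cookie_params();
        setcookie(session_name(), session_id(), [
            'expires' => $now + $this->lifetime,
            'path' => $params['path'],
            'domain' => $params['domain'],
            'secure' => $params['secure'],
            'httponly' => $params['httponly'],
            'samesite' => $params['samesite'],
        ]);

        return $handler->handle($request);
    }
}
```

Slim runs the middleware added last first, so with the order shown in the thread SessionStartMiddleware has already started the session when this middleware executes.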