Download the PHP package bvisonl/inactivity-bundle without Composer
On this page you can find all versions of the php package bvisonl/inactivity-bundle. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download bvisonl/inactivity-bundle
More information about bvisonl/inactivity-bundle
Files in bvisonl/inactivity-bundle
Package inactivity-bundle
Short Description Symfony2 Bundle to handle user Inactivity and Session idle time outs
License MIT
Informations about the package inactivity-bundle
BvisonlInactivityBundle
Introduction
The purpose of this bundle is to provide a "better" way of handling the log in session of an User in Symfony2. While handling multiple tabs opened and client idletime.
I have to thank (https://github.com/JillElaine/jquery-idleTimeout) for giving me the ideas of how to implement this. Sadly, that bundle was not working properly for me and also it just covered the client part of the issue that I was having so I decided to just make something that merged both client and server.
Pre-requisites
This bundle depends on store.js ==> https://github.com/marcuswestin/store.js/
Installation
-
Install via composer
-
Add to the AppKernel
- Define the bvisonl_session_timeout parameter in your parameters.yml
If you are using the cookie_lifetime, set it up to a very high value in your config.yml:
Also, if you intend to use this parameter in your HTML (as shown below). You must define it in your twig globals in your config.yml:
-
Add the javascript somewhere in your HTML (i.e. in the base.html.twig)
-
Configure the JS plugin to check for user activity
-
Add the routes of the bundle in the routing.yml if using default ping function:
- Remember to clear your cache, install assets, and if using assetic to install them as well
How it works
Basically, if configured as shown above, the process divides itself in 2:
~ Server
On the server, there is a listener that keeps...well...listening the last time a session was used, and compares it to the session_lifetime parameter. If the session should be destroyed, then it will be destroyed. Simple enough for the server.
~ Client
In Symfony2, if you do not affect the session for a configurable amount of time, the session will be destroyed and you won't be able to perform any requests to any secured route. However, let's say that an user is analyzing a very complex report on screen scrolling around and you have the lifetime of your session to 5 minutes, when the user finishes working on the report and attempts to move around the app. On the next request, Symfony2 will re-route the user to the login screen.
To solve this, the plugin takes care of tracking the configured events and maintaining timers (using the store.js). Also, in conjunction with the pingServer functionality, the client will keep pinging the server (which should return a 204, 200 is no good since Symfony2 may return code 200 when redirecting the request to the login screen, if you use the default settings you shouldn't worry about this) everytime the client pings the server, it tells Symfony2's session that the user is still active therefore it won't log them off.
Todo
- Maybe: Add dialog window before logging out
All versions of inactivity-bundle with dependencies
symfony/framework-bundle Version ^2.8
symfony/security-bundle Version ^2.8