«
»

Retrieve session timeout in Symfony

by Ashish Datta

We were recently working on an application that required users to enter a significant amount of complex data that often meant that they had to look things up in between saves. Users kept running into the problem that their sfGuard sessions would timeout before they were able to click “Save” on the form which in turn caused them to loose all of their hard work. Obviously, this is lame so we decided to add a popup warning users that their session had expired and prompting them to login again before saving their data.

We decided to implement this by using setTimeout in Javascript to pop up a window once the user’s session had expired.

Setting the session length for a Symfony user is easy enough, open up app/config/factories.yml and add the following:

all:
  user:
    class: myUser
    param:
      timeout: 1800 # this is the default but you can change it at will (its in seconds)

As it turns out, the tricky part is how do you access this value inside the application? Un-characteristically, I couldn’t find anything in the Symfony documentation about how to access these variables. For whatever reason, sfConfig::get() doesn’t provide access to the variables in factories.yml.

In order to get that timeout value I used (inside a template):

  $userOptions = $sf_user->getOptions();
  $timeout = $userOptions["timeout"];

Anyway, once I figured that out the rest is pretty straightforward.

After $timeout a Javascript function opens a jQuery UI Dialog box informing the user that their session has expired and presents the standard sfGuard sign in form. I override the onSubmit of this form to perform the request via AJAX in the background (so the user doesn’t loose their data) and then if the credentials are valid the dialog closes and the user can go on their way. If the credentials are invalid, the form re-populates with any errors and the user can correct them to re-login to the app.

Hope everyone had a good Thanksgiving!

Tags: , , ,

This entry was posted on Tuesday, December 1st, 2009 at 2:10 pm and is filed under open source. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “Retrieve session timeout in Symfony”

  1. Sid Says:
    December 21st, 2009 at 8:10 am

    Hi,

    that’s a pretty neat solution to a very common problem. Thanks for this :)

  2. mwinzeler Says:
    March 17th, 2010 at 10:29 am

    I think it would be better to check the timeout of a user session using $sf_user->isTimedOut().
    This flag is set automatically from symfony, so you don’t have to calculate the timeout on your own (what could be error prone since you must replicate the logic in sfBasicSecurityUser).

  3. Ashish Datta Says:
    March 17th, 2010 at 10:58 am

    @mwinzeler – the only problem with that is it’ll introduce another AJAX request on the client side since you would have to ping some URL to check if the user had actually timed out.

Leave a Reply