We were recently working on an application that required users to enter a significant amount of complex data that often meant that they had to look things up in between saves. Users kept running into the problem that their sfGuard sessions would timeout before they were able to click “Save” on the form which in turn caused them to loose all of their hard work. Obviously, this is lame so we decided to add a popup warning users that their session had expired and prompting them to login again before saving their data.
We decided to implement this by using setTimeout in Javascript to pop up a window once the user’s session had expired.
Setting the session length for a Symfony user is easy enough, open up app/config/factories.yml and add the following:
all:
user:
class: myUser
param:
timeout: 1800 # this is the default but you can change it at will (its in seconds)
As it turns out, the tricky part is how do you access this value inside the application? Un-characteristically, I couldn’t find anything in the Symfony documentation about how to access these variables. For whatever reason, sfConfig::get() doesn’t provide access to the variables in factories.yml.
In order to get that timeout value I used (inside a template):
$userOptions = $sf_user->getOptions();
$timeout = $userOptions["timeout"];
Anyway, once I figured that out the rest is pretty straightforward.
After $timeout a Javascript function opens a jQuery UI Dialog box informing the user that their session has expired and presents the standard sfGuard sign in form. I override the onSubmit of this form to perform the request via AJAX in the background (so the user doesn’t loose their data) and then if the credentials are valid the dialog closes and the user can go on their way. If the credentials are invalid, the form re-populates with any errors and the user can correct them to re-login to the app.
Hope everyone had a good Thanksgiving!