Set session expiration time based on user role in CodeIgniter 4

Hi everyone,

I'm working with CodeIgniter 4 and I need to configure the session expiration time dynamically based on the user role at login.

I understand that, by default, CodeIgniter loads session settings from app/Config/Session.php, where the 'expiration' value is defined. However, this configuration is static and applied globally.

What I want to achieve is something like this:

• If the user has the admin role, their session should last longer.
  
• If the user has a standard role, the session should expire sooner.
  

I’m wondering if there’s a recommended way to override the session expiration time at runtime based on the user role. Is it possible to change the expiration after login, or would I need to implement a custom logic to handle expiration manually?

Any advice or example would be greatly appreciated.
Thanks in advance!

If you are using Shield, you can do it by extending Session Authenticator, then adjust the startLogin() method. inside that method there is a setSessionUserKey(), which is where the user session is written. you can modify it with setTempdata().

@xxxx[{::::::::::::::::::::::::::::::::>

Hi everyone,

I'm working with CodeIgniter 4 and I need to configure the session expiration time dynamically based on the user role at login.

I understand that, by default, CodeIgniter loads session settings from app/Config/Session.php, where the 'expiration' value is defined. However, this configuration is static and applied globally.

What I want to achieve is something like this:

• If the user has the admin role, their session should last longer.
  
• If the user has a standard role, the session should expire sooner.
  

I’m wondering if there’s a recommended way to override the session expiration time at runtime based on the user role. Is it possible to change the expiration after login, or would I need to implement a custom logic to handle expiration manually?

Any advice or example would be greatly appreciated.
Thanks in advance!

I have a session.user variable to check if "logged in" and use the following code in a preController.php. You could change to base on user role.

Code:

session()->markAsTempdata('user', ENVIRONMENT == 'development' ? 3600 * 2 : 3600 * .5);

Hi everyone,

I'm working with CodeIgniter 4 and I need to configure the session expiration time dynamically based on the user role at login.

I understand that, by default, CodeIgniter loads session settings from app/Config/Session.php, where the 'expiration' value is defined. However, this configuration is static and applied globally.

What I want to achieve is something like this:

• If the user has the admin role, their session should last longer.
  
• If the user has a standard role, the session should expire sooner.
  

I’m wondering if there’s a recommended way to override the session expiration time at runtime based on the user role. Is it possible to change the expiration after login, or would I need to implement a custom logic to handle expiration manually?

Any advice or example would be greatly appreciated. fr legends mod koenigsegg
Thanks in advance!

Yes, you can override session expiration dynamically after login by updating session()->set() with custom timeout logic based on user role—just ensure session regeneration to apply the new lifetime correctly.

Create an implicit registrar. Apply your logic to determine expiration time and return the updated expiration value. Something like the following:

PHP Code:

<?php

namespace CodeIgniter\Shield\Config;

class Registrar
{
    public static function Session(): array
    {
        $expiration = 7200; // This is the default value, modify with whatever logic you deem fit
        return [
            'expiration' => $expiration,
        ];
    }
} 


Halberd | CodeIgniter Sandbox