Welcome Guest, Not a member yet? Register   Sign In
ajax check session expiration
#1

Hi,

I have set up my own auth library, working with sessions (files driver in CI3).

I want to add a periodic ajax check to verify if the user's session has not expired : for example, if the user left his browser open but didn't do anything during 5 minutes, I will display a re-login form in a modal window (similar to the one in Wordpress or phpMyAdmin).
So I have a JS function called periodically (every 10 minutes for example) which makes an ajax request to a specific Ajax controller in my app. The problem is that this controller extends the CI_Controller and the session is automatically refreshed when the controller is called, before I can make my session check. So the session never expires because of this periodic ajax call.

Do I need to add a session variable 'last_activity' which would store the timestamp of the last real action made by the user ? if this timestamp is not refreshed by the ajax call, I think this could work.

But I'm wondering if there is not a better way for doing that, or maybe something I missed in the core CI Session library.

thanks for your advices and help !
Reply
#2

I haven't used in CI3 session stuff, but I do all this in the browser with JS.  If you're just after a timeout sort of thing, you could do something like this using a tiny JS library (https://github.com/shawnmclean/Idle.js):

Code:
   var paths = window.location.pathname.split( '/' );
   var segment = paths[2];
   // this is because the owners only want people to be logged out if they are at these controllers
   if (segment == 'jobs' || segment == 'home') {
       var awayCallback = function() {
           // this is where we log them out and capture WHY (parameter = idle so we can logout and do a flash msg telling them why they were logged out)
           location.href = '/app/auth/logout/idle';
           // alert("away");
       };
       var awayBackCallback = function() {
           setMessage("back");
       };
       var hiddenCallback = function() {
           setMessage("User is not looking at page");
       };
       var visibleCallback = function(){
           setMessage("User started looking at page again")
       };
       var idle = new Idle({
           onHidden : hiddenCallback,
           onVisible : visibleCallback,
           onAway : awayCallback,
           onAwayBack : awayBackCallback,
           awayTimeout : 900000 // 15 minutes
       }).start();
   }

HTH.  Michael
Reply
#3

I use a different technique:

1. For normal requests - for the non-public pages the corresponding base controller checks whether a user is logged in and if not - redirects to the login page.

2. For non-public AJAX requests - if a user is not logged in, the response HTTP result code is 403, then the javascript makes the jump to the login page - http://viralpatel.net/blogs/jquery-ajax-...uest-ajax/

This is the fragment of code I use:

Code:
<?php defined('BASEPATH') or exit('No direct script access allowed');

// See http://viralpatel.net/blogs/jquery-ajax-handling-unauthenticated-request-ajax/

?>

    <script type="text/javascript">
    //<![CDATA[
    $(function () {
        $(document).ajaxError(function(e, request) {
            if (request.status == 403) {
                window.location.href = site_url + 'login';
            }
        });
    });
    //]]>
    </script>
Reply
#4

Put session live to 5 minutes (3000 seconds) and active session using database.
Your request every 10 minutes :
- create in user_data a field like key ($this->session->set_userdata('key') = 1 for example at the connexion).
- check if isset and != '' for this session variable with your ajax request at 10 minutes and if is not isset or == '', send an ajax answer with a status. When this status is received in your view, alert your message of login again.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB