The problem: make symfony use PHP's default session behavior. Symfony session handling is based on timed sessions - you set a time after which the session will expire - but the default PHP behavior is to expire when the user closes the browser window. This is also the most commonly desired behavior for sessions. The drawback of using a timed session is that it could expire while the user is still on the site. This is an issue in LectureTools, because students may sit for an hour or more without loading a new page, and they may even have logged in before class. You can solve this little problem easily if you are using symfony 1.1 (currently in beta). Just set the timeout to false in settings.yml:
all:
.settings:
timeout: false
But if you are using the stable 1.0 branch of symfony, this will do just the opposite - it will make your sessions time out immediately! To make this work, we have to override
sfBasicSecurityUser's
initialize() method. I will describe two ways to do this; one is a short hack, the other is longer and somewhat more proper.
Here's the short way:
class myUser extends sfBasicSecurityUser
{
public function initialize($context, $parameters = null)
{
if (sfConfig::get('sf_timeout') == 0) {
// session will expire if window is open for a day
sfConfig::set('sf_timeout', 86400);
}
return parent::initialize($context, $parameters);
}
}
This works because the
sf_timeout setting is not used by any other class (at the moment), so changing it doesn't have any side effects. If you set your timeout to 0 or false, symfony will always think you have set the session timeout to 24 hours, but the session will actually expire when the user closes the browser window.
If you are not comfortable with "hacks" like the above, you could copy
the initialize() method from
sfBasicSecurityUser, change it in the appropriate place, and skip calling the parent constructor altogether. Unfortunately,
sfBasicSecurityUser calls
its parent constructor, so you have to rewrite them both:
class myUser extends sfBasicSecurityUser
{
public function initialize($context, $parameters = null)
{
$this->context = $context;
$this->parameterHolder = new sfParameterHolder();
$this->parameterHolder->add($parameters);
$this->attributeHolder = new sfParameterHolder(self::ATTRIBUTE_NAMESPACE);
// read attributes from storage
$attributes = $context->getStorage()->read(self::ATTRIBUTE_NAMESPACE);
if (is_array($attributes))
{
foreach ($attributes as $namespace => $values)
{
$this->attributeHolder->add($values, $namespace);
}
}
// set the user culture to sf_culture parameter if present in the request
// otherwise
// - use the culture defined in the user session
// - use the default culture set in i18n.yml
if (!($culture = $context->getRequest()->getParameter('sf_culture')))
{
if (null === ($culture = $context->getStorage()->read(self::CULTURE_NAMESPACE)))
{
$culture = sfConfig::get('sf_i18n_default_culture', 'en');
}
}
$this->setCulture($culture);
// read data from storage
$storage = $this->getContext()->getStorage();
$this->authenticated = $storage->read(self::AUTH_NAMESPACE);
$this->credentials = $storage->read(self::CREDENTIAL_NAMESPACE);
$this->lastRequest = $storage->read(self::LAST_REQUEST_NAMESPACE);
if ($this->authenticated == null)
{
$this->authenticated = false;
$this->credentials = array();
}
else
{
// Automatic logout logged in user if no request within [sf_timeout] setting
if (0 != sfConfig::get('sf_timeout') && null !== $this->lastRequest && (time() - $this->lastRequest) > sfConfig::get('sf_timeout'))
{
if (sfConfig::get('sf_logging_enabled'))
{
$this->getContext()->getLogger()->info('{sfUser} automatic user logout due to timeout');
}
$this->setTimedOut();
$this->setAuthenticated(false);
}
}
$this->lastRequest = time();
}
}
That should do it!