如何在Zend Framework 2中设置会话超时

Question

I don't have much Zend experience and want to change someone's login code in Zend to make the session not expire.

It seems the code is basic behavior:

    $adapter = $this->getAuthService()->getAdapter();
    $adapter->setIdentity($email)->setCredential($password);

    $result = $this->getAuthService()->authenticate();

What do I have to do to make the session not expire or to at least set the session for a specific time?

Right now the user doesn't stay logged in for long, I think perhaps it is just relying on default php settings behavior like the standard 24 minutes for the gc_maxlifetime.

What is the connection between Zend_Session and AuthService?

Answer 1

I think what you need is extending the session cookie lifetime. For that you could use the rememberMe() function. Do this after authenticating the user :

Zend_Session::rememberMe(1209600); //1209600/3600 = 336 hours => 336/24 = 14 days

But extending the session cookie lifetime will not have an effect because the server will not recognize that cookie after gc_maxlifetime time elapsed.

To deal with this, you must ensure the PHP session.gc_maxlifetime setting is at least the same value as the value you passed to rememberMe() .

I don't know if it's good practice or not but you can increase the PHP Session Garbage Collection Time .

In your Bootstrap.php file, you can do this :

protected function __initSession() {
ini_set('session.gc_maxlifetime', 1209600);  // maxlifetime = 14 days
ini_set('session.gc_divisor', 1);
Zend_Session::start();
}

Or in the .htaccess file : (for 14 days)

php_value session.gc_maxlifetime 1209600

Hope this helps.

Answer 2

here is how to set the session timeout :

$session = new Zend_Session_Namespace( 'Zend_Auth' );
$session->setExpirationSeconds( 60 ); // 60 seconds

Answer 3

here is how to set the session timeout :

$session = new Zend_Session_Namespace( 'Zend_Auth' );
$session->setExpirationSeconds( 60 ); // 60 seconds

This works great for me.