Search code examples
phpajaxsymfonysessionsymfony-security

Session ends even if application is alive and people are working on it

I'm having a "weird" issue in a application I'm working on and so far I can't find a fix for this. The application use Symfony2.6.x and relies in several Ajax calls. All the time request are made through Ajax. So, when I login into the app (uses FOSUserBundle) Symfony automatically start a new session, right? Ok, from that moment until the time defined at config.yml (see config below) for session lifetime the application still working but at some point I got redirected to the login page and session is closed even if I'm actively working on the app. My best approach is that AJAX calls are not taken into account for the lifetime of a session in Symfony or in PHP, I'm right?

My best approach and solution for this issue, do not know if I'm right and neither have tried, I want to listen the opinion of some here in SO, is to regenerate the ID of the session (by calling migrate() on the current active session) each time an AJAX call is made so this way the session would maintain active, is that approach correct? Any advice around this?

This is my configuration at config.yml for session section:

config.yml

framework:
    session:
        # session will expire after 10 minutes of inactivity 
        handler_id:  ~
        cookie_lifetime: 2400 
        gc_maxlifetime: 600 # session will expire after 10 minutes of inactivity
        gc_probability: 0
        gc_divisor: 100

Note: this post and this other from me talks about the same basically but I still not fixing this issue and it's killing my app and my head trying to find a solution.

Solution

  • Questions:
    - do you work remotely? If so, do you have the changes at your end auto-saved instantly on the server or you need to save them manually to become operational?
    - have you timed the length of your real session (from login to being cut-off)? Is it the same length of time?
    Guestimate:
    Without the above, I believe your problem to be the settings of the session expiry settings and there might be an event somewhere on the line (between you and the server) which triggers the reset of the session. [Have you tried to work with two windows opened? You know, login and then work in a different window but keep the post login one opened...]
    If it's because of a short session settings than please try the following:
    php_value session.cookie_lifetime 0
    php_value session.gc_maxlifetime 60000
    That gives you plenty of session time or until you close the browser/cut the connection...