I am using sfGuard as the authentication plugin in my project. I want to invoke certain client side & server side scripts on session timeout. What is the best way I can do this.
Please help! Thanks a lot.
Well I've been reading the sfGuardSecurityUser
and it extends the sfBasicSecurityUser
class, which handles user authentication, profile, credentials, etc.
So, I found a function in sfBasicSecurityUser
that determines whether a users sessions is timed put called isTimedOut
, and also setTimedOut
If you want to do something when user's session times out, at least on server side, you should listen to the event that is throw when this happens. Check this method:
This could be found in the symfony_core_root_dir/lib/user/sfBasicSecurityUser.class.php
public function initialize(sfEventDispatcher $dispatcher, sfStorage $storage, $options = array())
// initialize parent
parent::initialize($dispatcher, $storage, $options);
if (!array_key_exists('timeout', $this->options))
$this->options['timeout'] = 1800;
// force the max lifetime for session garbage collector to be greater than timeout
if (ini_get('session.gc_maxlifetime') < $this->options['timeout'])
ini_set('session.gc_maxlifetime', $this->options['timeout']);
// read data from storage
$this->authenticated = $storage->read(self::AUTH_NAMESPACE);
$this->credentials = $storage->read(self::CREDENTIAL_NAMESPACE);
$this->lastRequest = $storage->read(self::LAST_REQUEST_NAMESPACE);
if (null === $this->authenticated)
$this->authenticated = false;
$this->credentials = array();
// Automatic logout logged in user if no request within timeout parameter seconds
$timeout = $this->options['timeout'];
if (false !== $timeout && null !== $this->lastRequest && time() - $this->lastRequest >= $timeout)
if ($this->options['logging'])
$this->dispatcher->notify(new sfEvent($this, 'application.log', array('Automatic user logout due to timeout')));
$this->lastRequest = time();
For client side, you might start thinking about HTML 5 and Javascript Workers. The idea could be setting a worker when page loads, and telling him count till session_time_out
, then redirecting to a login page or something.