Commit 28246f49 by Qiang Xue

Merge pull request #4325 from nkovacs/4317-absolute-auth-timeout

absolute auth timeout
parents c9dff530 19bbaf61
......@@ -140,6 +140,7 @@ Yii Framework 2 Change Log
- Enh #4114: Added `Security::generateRandomBytes()`, improved tests (samdark)
- Enh #4209: Added `beforeCopy`, `afterCopy`, `forceCopy` properties to AssetManager (cebe)
- Enh #4297: Added check for DOM extension to requirements (samdark)
- Enh #4317: Added `absoluteAuthTimeout` to yii\web\User (ivokund, nkovacs)
- Enh: Added support for using sub-queries when building a DB query with `IN` condition (qiangxue)
- Enh: Supported adding a new response formatter without the need to reconfigure existing formatters (qiangxue)
- Enh: Added `yii\web\UrlManager::addRules()` to simplify adding new URL rules (qiangxue)
......
......@@ -99,9 +99,16 @@ class User extends Component
* @var integer the number of seconds in which the user will be logged out automatically if he
* remains inactive. If this property is not set, the user will be logged out after
* the current session expires (c.f. [[Session::timeout]]).
* Note that this will not work if [[enableAutoLogin]] is true.
*/
public $authTimeout;
/**
* @var integer the number of seconds in which the user will be logged out automatically
* regardless of activity.
* Note that this will not work if [[enableAutoLogin]] is true.
*/
public $absoluteAuthTimeout;
/**
* @var boolean whether to automatically renew the identity cookie each time a page is requested.
* This property is effective only when [[enableAutoLogin]] is true.
* When this is false, the identity cookie will expire after the specified duration since the user
......@@ -120,6 +127,11 @@ class User extends Component
*/
public $authTimeoutParam = '__expire';
/**
* @var string the session variable name used to store the value of absolute expiration timestamp of the authenticated state.
* This is used when [[absoluteAuthTimeout]] is set.
*/
public $absoluteAuthTimeoutParam = '__absolute_expire';
/**
* @var string the session variable name used to store the value of [[returnUrl]].
*/
public $returnUrlParam = '__returnUrl';
......@@ -544,6 +556,9 @@ class User extends Component
if ($this->authTimeout !== null) {
$session->set($this->authTimeoutParam, time() + $this->authTimeout);
}
if ($this->absoluteAuthTimeout !== null) {
$session->set($this->absoluteAuthTimeoutParam, time() + $this->absoluteAuthTimeout);
}
if ($duration > 0 && $this->enableAutoLogin) {
$this->sendIdentityCookie($identity, $duration);
}
......@@ -577,11 +592,12 @@ class User extends Component
$this->setIdentity($identity);
if ($this->authTimeout !== null && $identity !== null) {
$expire = $session->get($this->authTimeoutParam);
if ($expire !== null && $expire < time()) {
if (($this->authTimeout !== null || $this->absoluteAuthTimeout !== null) && $identity !== null) {
$expire = $this->authTimeout !== null ? $session->get($this->authTimeoutParam) : null;
$expireAbsolute = $this->absoluteAuthTimeout !== null ? $session->get($this->absoluteAuthTimeoutParam) : null;
if ($expire !== null && $expire < time() || $expireAbsolute !== null && $expireAbsolute < time()) {
$this->logout(false);
} else {
} elseif ($this->authTimeout !== null) {
$session->set($this->authTimeoutParam, time() + $this->authTimeout);
}
}
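Review bot: In the `@@ -577,11 +592,12 @@` hunk the absolute limit fails open: when `absoluteAuthTimeout` is configured but the session holds no `absoluteAuthTimeoutParam` value, `$expireAbsolute` is null, the `$expireAbsolute !== null && $expireAbsolute < time()` test never fires, and that session is never subject to the absolute limit. This would affect sessions created before the setting was enabled, and any authentication path that bypasses the stamping code added in the `-544` hunk; those other paths are not visible here, so this needs confirming. Treating a missing stamp as expired closes the gap, e.g. `|| $this->absoluteAuthTimeout !== null && ($expireAbsolute === null || $expireAbsolute < time())`, and explicit parentheses around each `&&` group would make the mixed `&&`/`||` condition easier to audit. The enclosing method starts and ends outside the hunk.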
......