├── .gitignore
├── src
    └── Lionware
    │   └── SymfonySessionTimeoutBundle
    │       ├── LionwareSymfonySessionTimeoutBundle.php
    │       ├── Resources
    │           └── config
    │           │   └── listeners.yml
    │       ├── DependencyInjection
    │           ├── Configuration.php
    │           └── LionwareSymfonySessionTimeoutExtension.php
    │       └── EventListener
    │           └── SessionListener.php
├── composer.json
├── LICENSE
└── README.md


/.gitignore:
--------------------------------------------------------------------------------
1 | vendor/
2 | composer.lock
3 | phpunit.xml
4 | .idea/
5 | 


--------------------------------------------------------------------------------
/src/Lionware/SymfonySessionTimeoutBundle/LionwareSymfonySessionTimeoutBundle.php:
--------------------------------------------------------------------------------
1 | <?php
2 | namespace Lionware\SymfonySessionTimeoutBundle;
3 | 
4 | use Symfony\Component\HttpKernel\Bundle\Bundle;
5 | 
6 | class LionwareSymfonySessionTimeoutBundle extends Bundle
7 | {
8 | 
9 | }


--------------------------------------------------------------------------------
/src/Lionware/SymfonySessionTimeoutBundle/Resources/config/listeners.yml:
--------------------------------------------------------------------------------
1 | parameters:
2 |     lionware_symfony_session_timeout.listener.session.class: Lionware\SymfonySessionTimeoutBundle\EventListener\SessionListener
3 | services:
4 |     lionware_symfony_session_timeout.listener.session:
5 |         class: '%lionware_symfony_session_timeout.listener.session.class%'
6 |         arguments: ['%lionware_symfony_session_timeout.session.expiration_time%']
7 |         tags:
8 |             - { name: kernel.event_listener, event: kernel.request, method: onKernelRequest, priority: 9 }
9 | 


--------------------------------------------------------------------------------
/composer.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "lionware/symfony-session-timeout",
 3 |   "description": "Invalidate Symfony sessions based on inactivity for a certain period of time",
 4 |   "minimum-stability": "stable",
 5 |   "license": "MIT",
 6 |   "authors": [
 7 |     {
 8 |       "name": "Nick Stemerdink",
 9 |       "email": "nick.stemerdink@lionware.solutions"
10 |     }
11 |   ],
12 |   "require": {
13 |     "php": ">=5.3.9",
14 |     "symfony/framework-bundle": ">=2.0"
15 |   },
16 |   "autoload": {
17 |     "psr-4": {
18 |       "Lionware\\SymfonySessionTimeoutBundle\\": "src/Lionware/SymfonySessionTimeoutBundle/"
19 |     }
20 |   }
21 | }
22 | 


--------------------------------------------------------------------------------
/src/Lionware/SymfonySessionTimeoutBundle/DependencyInjection/Configuration.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | namespace Lionware\SymfonySessionTimeoutBundle\DependencyInjection;
 3 | 
 4 | use Symfony\Component\Config\Definition\Builder\TreeBuilder;
 5 | use Symfony\Component\Config\Definition\ConfigurationInterface;
 6 | 
 7 | class Configuration implements ConfigurationInterface
 8 | {
 9 |     /**
10 |      * Generates the configuration tree.
11 |      *
12 |      * @return TreeBuilder
13 |      */
14 |     public function getConfigTreeBuilder()
15 |     {
16 |         $treeBuilder = new TreeBuilder('lionware_symfony_session_timeout');
17 |         $rootNode = \method_exists($treeBuilder, 'getRootNode') ? $treeBuilder->getRootNode() : $treeBuilder->root('lionware_symfony_session_timeout');
18 | 
19 |         $rootNode->children()
20 |             ->arrayNode('session')->isRequired()->children()
21 |             ->integerNode('expiration_time')->isRequired()->end()
22 |         ->end();
23 | 
24 |         return $treeBuilder;
25 |     }
26 | }
27 | 


--------------------------------------------------------------------------------
/src/Lionware/SymfonySessionTimeoutBundle/DependencyInjection/LionwareSymfonySessionTimeoutExtension.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | namespace Lionware\SymfonySessionTimeoutBundle\DependencyInjection;
 3 | 
 4 | use Symfony\Component\Config\FileLocator;
 5 | use Symfony\Component\DependencyInjection\ContainerBuilder;
 6 | use Symfony\Component\DependencyInjection\Extension\Extension;
 7 | use Symfony\Component\DependencyInjection\Loader\YamlFileLoader;
 8 | 
 9 | 
10 | class LionwareSymfonySessionTimeoutExtension extends Extension
11 | {
12 |     /**
13 |      * @inheritDoc
14 |      */
15 |     public function load(array $config, ContainerBuilder $container)
16 |     {
17 |         $configuration = new Configuration();
18 | 
19 |         $config = $this->processConfiguration($configuration, $config);
20 | 
21 |         $container->setParameter(
22 |             'lionware_symfony_session_timeout.session.expiration_time',
23 |             $config['session']['expiration_time']
24 |         );
25 | 
26 |         $loader = new YamlFileLoader($container, new FileLocator(__DIR__.'/../Resources/config'));
27 |         $loader->load('listeners.yml');
28 | 
29 |     }
30 | }


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2015 Lionware
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 
23 | 


--------------------------------------------------------------------------------
/src/Lionware/SymfonySessionTimeoutBundle/EventListener/SessionListener.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | namespace Lionware\SymfonySessionTimeoutBundle\EventListener;
 3 | 
 4 | use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 5 | 
 6 | /**
 7 |  * @author Nick Stemerdink <nick.stemerdink@lionware.solutions>
 8 |  */
 9 | class SessionListener
10 | {
11 |     /** @var int */
12 |     private $expirationTime;
13 | 
14 |     public function __construct($expirationTime)
15 |     {
16 |         if (!is_integer($expirationTime)) {
17 |             throw new \InvalidArgumentException(
18 |                 sprintf('$expirationTime is expected be of type integer, %s given', gettype($expirationTime))
19 |             );
20 |         }
21 | 
22 |         $this->expirationTime = $expirationTime;
23 |     }
24 | 
25 |     public function onKernelRequest(GetResponseEvent $event)
26 |     {
27 |         if ($event->isMasterRequest()) {
28 |             $request = $event->getRequest();
29 |             $session = $request->getSession();
30 | 
31 |             $session->start();
32 |             $metaData = $session->getMetadataBag();
33 | 
34 |             $timeDifference = time() - $metaData->getLastUsed();
35 |             if ($timeDifference > $this->expirationTime) {
36 |                 $session->invalidate();
37 |             }
38 |         }
39 |     }
40 | }


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Symfony session timeout
 2 | Invalidate Symfony sessions based on inactivity for a certain period of time.
 3 | 
 4 | This does not make use of garbage collection as suggested in http://symfony.com/doc/current/components/http_foundation/session_configuration.html#session-idle-time-keep-alive.
 5 | This method is more accurate and does not depend on garbage collection parameters to function well.
 6 | 
 7 | ## Installation
 8 | 
 9 | Add SymfonySessionTimeout in your composer.json
10 | 
11 | ```json
12 | {
13 |     "require": {
14 |         "lionware/symfony-session-timeout": "*"
15 |     }
16 | }
17 | ```
18 | 
19 | Register the bundle in your `app/AppKernel.php`:
20 | 
21 | ```php
22 | public function registerBundles()
23 | {
24 |     $bundles = array(
25 |         // ...
26 |         new Lionware\SymfonySessionTimeoutBundle\LionwareSymfonySessionTimeoutBundle()
27 |     );
28 | )
29 | ```
30 | 
31 | Add the parameter in `app/config/parameters.yml` and set the value to your preferred expiration time (which is set to an hour in this example).
32 | ```yml
33 | parameters:
34 |     lionware_session_expiration_time: 3600
35 | ```
36 | 
37 | Add the configuration in `app/config/config.yml`
38 | 
39 | ```yml
40 | lionware_symfony_session_timeout:
41 |     session:
42 |         expiration_time: "%lionware_session_expiration_time%"
43 | ```
44 | 
45 | ## Notes
46 | ### Cookie expiration
47 | Expiration of the cookie also means expiration of the session, therefore it is wise to set it to a relatively high value or 0 (valid for the length of the browser session).
48 | 
49 | ```yml
50 | # app/config/config.yml
51 | framework:
52 |     session:
53 |         cookie_lifetime: 0
54 | ```
55 | 


--------------------------------------------------------------------------------