PHP Session, cookie lifetime

[jsolowiej]

Hi,
I followed session implementation from your book. As far as I can see, you set up session cookie in a way:
session_set_cookie_params($lifetime, $path, $domain, $secure, $httponly); < PhpSession.php
that session gets expired after $lifetime, regardless if user performs some action in the mean time.
What if we would like session to expire after one hour of user inactivity only? We would need to update Expiration Date/Time after each action within a session timout, something like:
setcookie(session_name(),session_id(),time()+$lifetime);

What would be the best way to implement this feature?

[jsolowiej]

Looks like adding an extra middleware (that sets a new cookie file) to the container:

SessionRefreshLifetimeMiddleware::class => function (ContainerInterface $container) {
    $settings = $container->get('settings');
    return new SessionRefreshLifetimeMiddleware($container->get(SessionInterface::class), $settings);
},

adding it to the middleware stack:

// Refresh session cookie lifetime
$app->add(SessionRefreshLifetimeMiddleware::class);

// Start the session
$app->add(SessionStartMiddleware::class);

works perflectly fine.

Proposal:
add this feature to the SessionStartMiddleware. Adding a setting paramter (bool)$refreshLifeTime would make sense.

[odan]

Thank you for your investigation and feedback. You are welcome to create a PR. :-)