What are the Slack Archives?

It’s a history of our time together in the Slack Community! There’s a ton of knowledge in here, so feel free to search through the archives for a possible answer to your question.

Because this space is not active, you won’t be able to create a new post or comment here. If you have a question or want to start a discussion about something, head over to our categories and pick one to post in! You can always refer back to a post from Slack Archives if needed; just copy the link to use it as a reference..

Hi! Does Spryker has method to obligatory logout user after some period of time due to security reas

USWNH3UHJ
USWNH3UHJ Posts: 23 πŸ§‘πŸ»β€πŸš€ - Cadet
in Help

Hi! Does Spryker has method to obligatory logout user after some period of time due to security reason? Scenario is like active user is logout every month and needs to log in again.

Comments

  • Valerii Trots
    Valerii Trots SRE @ Spryker Sprykee Posts: 1,654 ✨ - Novice

    User in Zed or customer in Yves?

  • USWNH3UHJ
    USWNH3UHJ Posts: 23 πŸ§‘πŸ»β€πŸš€ - Cadet

    Customer in Yves

  • USWNH3UHJ
    USWNH3UHJ Posts: 23 πŸ§‘πŸ»β€πŸš€ - Cadet

    I found variable to logout non-active user and it works

    SessionConstants::YVES_SESSION_COOKIE_TIME_TO_LIVE

    but I’m looking to log out user who is active for a long time without loggin in

  • Valerii Trots
    Valerii Trots SRE @ Spryker Sprykee Posts: 1,654 ✨ - Novice
    edited March 2020

    I don't think that something like this exists.

  • Valerii Trots
    Valerii Trots SRE @ Spryker Sprykee Posts: 1,654 ✨ - Novice

    The suggestion is to modify cookie logic not to update it when the customer is active. This way cookie will be active just specified period of time no matter if the customer is active or not.

  • USWNH3UHJ
    USWNH3UHJ Posts: 23 πŸ§‘πŸ»β€πŸš€ - Cadet

    The point is that I want to log out non-active user anyway so this part of session logic is still needed

  • USWNH3UHJ
    USWNH3UHJ Posts: 23 πŸ§‘πŸ»β€πŸš€ - Cadet

    @valerii.trots btw where I can find this cookie logic?

  • UKHD8KTMF
    UKHD8KTMF Posts: 393 πŸ§‘πŸ»β€πŸš€ - Cadet

    PHP will set cookie lifetime to 0 - valid until browser is closed. There is no magic. If you want to change this then you need to change cookie_lifetime settings on your server https://www.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime

  • USWNH3UHJ
    USWNH3UHJ Posts: 23 πŸ§‘πŸ»β€πŸš€ - Cadet

    What i mean is where is the logic in Spryker to logout the user when YVES_SESSION_COOKIE_TIME_TO_LIVE expire

Categories