Add absoluteAuthTimeout to yii\web\User.

This is based on the code from Yii 1.1.14 by Ivo Kund.

Add absoluteAuthTimeout to yii\web\User.
f6c589f0 · Nikola Kovacs · 7ef0d760 · f6c589f0
Commit f6c589f0 authored Jul 16, 2014 by Nikola Kovacs
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 4 deletions

User.php framework/web/User.php +20 -4

No files found.
--- a/framework/web/User.php
+++ b/framework/web/User.php
@@ -99,9 +99,16 @@ class User extends Component
     * @var integer the number of seconds in which the user will be logged out automatically if he
     * remains inactive. If this property is not set, the user will be logged out after
     * the current session expires (c.f. [[Session::timeout]]).
+     * Note that this will not work if [[enableAutoLogin]] is true.
     */
    public $authTimeout;
    /**
+     * @var integer the number of seconds in which the user will be logged out automatically
+     * regardless of activity.
+     * Note that this will not work if [[enableAutoLogin]] is true.
+     */
+    public $absoluteAuthTimeout;
+    /**
     * @var boolean whether to automatically renew the identity cookie each time a page is requested.
     * This property is effective only when [[enableAutoLogin]] is true.
     * When this is false, the identity cookie will expire after the specified duration since the user
@@ -120,6 +127,11 @@ class User extends Component
     */
    public $authTimeoutParam = '__expire';
    /**
+     * @var string the session variable name used to store the value of absolute expiration timestamp of the authenticated state.
+     * This is used when [[absoluteAuthTimeout]] is set.
+     */
+    public $absoluteAuthTimeoutParam = '__absolute_expire';
+    /**
     * @var string the session variable name used to store the value of [[returnUrl]].
     */
    public $returnUrlParam = '__returnUrl';
@@ -544,6 +556,9 @@ class User extends Component
            if ($this->authTimeout !== null) {
                $session->set($this->authTimeoutParam, time() + $this->authTimeout);
            }
+            if ($this->absoluteAuthTimeout !== null) {
+                $session->set($this->absoluteAuthTimeoutParam, time() + $this->absoluteAuthTimeout);
+            }
            if ($duration > 0 && $this->enableAutoLogin) {
                $this->sendIdentityCookie($identity, $duration);
            }
@@ -577,11 +592,12 @@ class User extends Component
        $this->setIdentity($identity);
-        if ($this->authTimeout !== null && $identity !== null) {
+        if (($this->authTimeout !== null || $this->absoluteAuthTimeout !== null) && $identity !== null) {
-            $expire = $session->get($this->authTimeoutParam);
+            $expire = $this->authTimeout !== null ? $session->get($this->authTimeoutParam) : null;
-            if ($expire !== null && $expire < time()) {
+            $expireAbsolute = $this->absoluteAuthTimeout !== null ? $session->get($this->absoluteAuthTimeoutParam) : null;
+            if ($expire !== null && $expire < time() || $expireAbsolute !== null && $expireAbsolute < time()) {
                $this->logout(false);
-            } else {
+            } elseif ($this->authTimeout !== null) {
                $session->set($this->authTimeoutParam, time() + $this->authTimeout);
            }
        }