Different session lifetime on different usecases


(Soren Malling) #1

The session configuration property inactivityTimeout inside Settings.yaml seems to be same for all sessions, no matter if it’s a authenticated session or a usage of session as a basket in webshop.

What is the possibilities way of having a “never timeout session” for my basket and a limited lifetime for my authenticated session?


(Oliver Eglseder) #2

I had a look into the code and it does not seem that defining a lifetime for session scoped objects is possible.

… You could, however, store the objects in a cache (ensure the cache backend supports lifetime -> not SimpleFileCache) and the cache identifier in the session. If a user resumes the session you fetch the Basket or whatever from the cache. If the cache does not exist it is expired.

the session timeout has to be at least the highest cache lifetime, but you want to work with unlimited sessions anyway.

A basket implementation could look like this:

<?php

use Neos\Flow\Annotations as Flow;

/**
 * @Flow\Scope("session")
 */
class Basket
{
    /**
     * TODO: configure Objects.yaml and Caches.yaml for this property
     *
     * @Flow\Inject()
     * @var \Neos\Cache\Frontend\VariableFrontend
     */
    protected $storage = null;

    /**
     * @Flow\InjectConfiguration(path="session.basket.lifetime")
     * @var int
     */
    protected $lifetime = 0;

    /**
     * @Flow\Inject()
     * @var \Neos\Flow\Session\Session
     */
    protected $session = null;

    /**
     * @return array
     */
    public function getLineItems()
    {
        // return the items or an empty array if there are either none or the cache expired
        return $this->storage->get($this->session->getId() . '_lineItems') ?: [];
    }

    /**
     * @param array $lineItems
     * @throws \Neos\Cache\Exception
     * @throws \Neos\Flow\Session\Exception\SessionNotStartedException
     */
    public function setLineItems(array $lineItems)
    {
        $this->storage->set($this->session->getId() . '_lineItems', $lineItems, [], $this->lifetime);
    }
}


(Oliver Eglseder) #3

(Theoretically) If you inject Flow_Session_Storage as Cache into the session object and tag the data with the sessions identifier the data associated with that session object should get removed when the session runs the garbage collection. The storage cache is tagged with the value of \Neos\Flow\Session\Session::$storageIdentifier