Different session lifetime for different use cases

The session configuration property inactivityTimeout inside Settings.yaml seems to be the same for all sessions, no matter if it’s an authenticated session or a usage of a session as a basket in a webshop.

What are the possible ways of having a “never timeout session” for my basket and a limited lifetime for my authenticated session?

I had a look into the code and it does not seem that defining a lifetime for session scoped objects is possible.

… You could, however, store the objects in a cache (ensure the cache backend supports lifetime -> not SimpleFileCache) and the cache identifier in the session. If a user resumes the session you fetch the Basket or whatever from the cache. If the cache does not exist it is expired.

The session timeout has to be at least the highest cache lifetime, but you want to work with unlimited sessions anyway.

A basket implementation could look like this:

<?php

use Neos\Flow\Annotations as Flow;

/**
 * @Flow\Scope("session")
 */
class Basket
{
    /**
     * TODO: configure Objects.yaml and Caches.yaml for this property
     *
     * @Flow\Inject()
     * @var \Neos\Cache\Frontend\VariableFrontend
     */
    protected $storage = null;

    /**
     * @Flow\InjectConfiguration(path="session.basket.lifetime")
     * @var int
     */
    protected $lifetime = 0;

    /**
     * @Flow\Inject()
     * @var \Neos\Flow\Session\Session
     */
    protected $session = null;

    /**
     * @return array
     */
    public function getLineItems()
    {
        // return the items or an empty array if there are either none or the cache expired
        return $this->storage->get($this->session->getId() . '_lineItems') ?: [];
    }

    /**
     * @param array $lineItems
     * @throws \Neos\Cache\Exception
     * @throws \Neos\Flow\Session\Exception\SessionNotStartedException
     */
    public function setLineItems(array $lineItems)
    {
        $this->storage->set($this->session->getId() . '_lineItems', $lineItems, [], $this->lifetime);
    }
}

(Theoretically) If you inject Flow_Session_Storage as Cache into the session object and tag the data with the session’s identifier, the data associated with that session object should get removed when the session runs the garbage collection. The storage cache is tagged with the value of \Neos\Flow\Session\Session::$storageIdentifier.
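
The `TODO` in the `Basket` class above leaves the cache wiring open; as an added example (not part of the original post and not code from the Flow project), the three configuration files could look like this. The package key `Vendor.Shop`, the cache name `Vendor_Shop_Basket`, the Redis connection values and the 30-day lifetime are assumptions, and the settings path assumes `Basket` lives in that package.

```yaml
# Added example. "Vendor.Shop" / "Vendor\Shop" and "Vendor_Shop_Basket" are
# hypothetical names; split the three sections into their respective files.

# --- Configuration/Caches.yaml ---
# Dedicated cache for basket data. The backend has to honour entry lifetimes,
# so a Redis backend is used here instead of SimpleFileBackend.
Vendor_Shop_Basket:
  frontend: Neos\Cache\Frontend\VariableFrontend
  backend: Neos\Cache\Backend\RedisBackend
  backendOptions:
    hostname: '127.0.0.1'   # constructed sample value
    port: 6379              # constructed sample value
    database: 1             # constructed sample value
    defaultLifetime: 0      # only used when set() is called without a lifetime

# --- Configuration/Objects.yaml ---
# Wires Basket::$storage to the cache above through the CacheManager.
Vendor\Shop\Basket:
  properties:
    storage:
      object:
        factoryObjectName: Neos\Flow\Cache\CacheManager
        factoryMethodName: getCache
        arguments:
          1:
            value: Vendor_Shop_Basket

# --- Configuration/Settings.yaml ---
# Read by @Flow\InjectConfiguration(path="session.basket.lifetime") in Basket.
Vendor:
  Shop:
    session:
      basket:
        lifetime: 2592000   # basket entries live for 30 days (seconds)

# The session must live at least as long as the longest cache lifetime,
# otherwise the session id used in the cache key is gone before the entry expires.
Neos:
  Flow:
    session:
      inactivityTimeout: 2592000
```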

Check this one… Difference between session and caching

@sorenmalling do you know if there has been any progress on this topic? I need it as well, just in a slightly different way. I want to have sessions of unauthenticated users expire a lot sooner (after an hour, e.g.) than the sessions of authenticated users (e.g. 12 hours).
We don’t really use sessions for unauthenticated users but have issues with Redis memory because it needs to keep sessions in memory a lot longer than would be needed.

To my knowledge the topic has not been addressed further :slight_smile: It could come as a post-account-interface-work topic as we touch the Token concept.

What I’ve learned since is that what I described moves towards an authenticated token that can have a lifetime unless it’s SessionLess. So move the lifetime concept away from the session and onto the token.