I want to have a long-term valid login, which should be valid until a user logs himself out (“remember my login” function).
So if a user revisits the page, he is still logged in.
But after some time the session disappears from the persistent cache and you have to log in again.
Is SimpleFileBackend the right thing to use? Or do I need further configuration?
```php
/**
 * A caching backend which stores cache entries in files, but does not support or
 * care about expiry times and tags.
 */
class SimpleFileBackend extends IndependentAbstractBackend implements PhpCapableBackendInterface, IterableBackendInterface
```
Thanks for your help,
SimpleFileBackend is a bad idea for this AFAIK, because it doesn’t support tagging and lifetimes.
Keep the default ones if you use file caches. Also make sure those are definitely not deleted on deploy.
First I tried
but same experience. But with both “solutions” they are not deleted after a deployment.
And I forgot to mention the lifetime is set to a year.
Did you try to use Redis as a backend? We do use Redis and got no issues so far.
No I didn’t, but will give it a try. Thought it would work with a normal filesystem cache and took this https://github.com/neos/neos-googleanalytics/blob/master/Configuration/Caches.yaml for example as a “last try”, as the configuration stays there in the cache.
And will also have a look again at the Settings.yaml options of session.
Thanks for the tip.
A different approach: Instead of using a server-side session for these long lived authentications, use a cookie. That will allow you to set the cookie expiration based on the user’s choice (remember me?) as well.
Therefore the cookie needs to contain all the information of your session of course, thus it has to be signed so it can’t be altered.
One way to do so is to store the cookie as JWT. Here’s an example implementation for Flow: https://gist.github.com/bwaidelich/0932b015cfffd20ef40c919a78c439a8
You can also bind the JWT to some client specifics (IP, user agent, …) and give it an expiration date for increased security (you could extend the lifetime in the background if it’s about to expire).
Just an inspiration, if you make it work with server sessions, that’s probably easier to implement.
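The signed-cookie approach described above, as an added example that is not part of the original post or the linked gist: a minimal HS256 JWT carrying an expiry and a user-agent binding, checked with a constant-time comparison. The function names, the `ua` claim and the sample values are assumptions made for illustration.

```php
<?php
// Added example: function names and the 'ua' claim are hypothetical, not Flow API.
function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function issueToken(string $secret, string $account, string $userAgent, int $lifetime, int $now): string
{
    $header = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $claims = b64url(json_encode([
        'sub' => $account,
        'exp' => $now + $lifetime,              // expiry chosen at login ("remember me")
        'ua'  => hash('sha256', $userAgent),    // binds the token to the client
    ]));
    $signature = b64url(hash_hmac('sha256', "$header.$claims", $secret, true));
    return "$header.$claims.$signature";
}

// Returns the account identifier, or null if the token must be rejected.
function verifyToken(string $secret, string $token, string $userAgent, int $now): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) { return null; }
    [$header, $claims, $signature] = $parts;
    // Always recompute HMAC-SHA256; the "alg" header is never used to pick an algorithm.
    $expected = b64url(hash_hmac('sha256', "$header.$claims", $secret, true));
    if (!hash_equals($expected, $signature)) {   // constant-time comparison
        return null;
    }
    $padded = str_pad($claims, strlen($claims) + (4 - strlen($claims) % 4) % 4, '=');
    $data = json_decode((string)base64_decode(strtr($padded, '-_', '+/'), true), true);
    if (!is_array($data) || !is_string($data['sub'] ?? null) || !is_int($data['exp'] ?? null)
        || !is_string($data['ua'] ?? null) || $data['exp'] <= $now
        || !hash_equals($data['ua'], hash('sha256', $userAgent))) {
        return null;
    }
    return $data['sub'];
}

// Constructed sample values.
$secret = random_bytes(32);
$now = time();
$token = issueToken($secret, 'jane.doe', 'ExampleBrowser/1.0', 365 * 86400, $now);
var_dump(verifyToken($secret, $token, 'ExampleBrowser/1.0', $now));                // unmodified token
var_dump(verifyToken($secret, $token . 'x', 'ExampleBrowser/1.0', $now));          // altered signature
var_dump(verifyToken($secret, $token, 'OtherBrowser/2.0', $now));                  // different client
var_dump(verifyToken($secret, $token, 'ExampleBrowser/1.0', $now + 366 * 86400));  // after expiry
```

Such a token would be sent as a `Secure`, `HttpOnly` cookie. Unlike a server-side session, it cannot be revoked before `exp` unless the server keeps a deny list or rotates the secret.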
Thanks @bwaidelich. But I wanted to use the server sessions as I am using different login methods like “normal” frontend login and some social login (Google and Facebook) with https://github.com/Flowpack/Flowpack.OAuth2.Client
But with the following configuration it works for me. Had some priority issues with the config and overlooked the setting for inactivityTimeout.
# set to a year
That wouldn’t be a problem. You can mix them as you like.
Anyways, good that you found a way to solve it with persistent sessions.