I want to have a long-term valid login, which should stay valid until a user logs himself out (“remember my login” function).
So if a user revisits the page, he is still logged in.
But after some time the session disappears from the persistent cache and you have to log in again.
Is SimpleFileBackend the right thing to use? Or do I need further configuration?
```php
/**
 * A caching backend which stores cache entries in files, but does not support or
 * care about expiry times and tags.
 *
 * @api
 */
class SimpleFileBackend extends IndependentAbstractBackend implements PhpCapableBackendInterface, IterableBackendInterface
```
A different approach: Instead of using a server-side session for these long-lived authentications, use a cookie. That will allow you to set the cookie expiration based on the user’s choice (remember me?) as well.
Therefore the cookie needs to contain all the information of your session of course, thus it has to be signed so it can’t be altered.
One way to do so is to store the cookie as JWT. Here’s an example implementation for Flow: https://gist.github.com/bwaidelich/0932b015cfffd20ef40c919a78c439a8
You can also bind the JWT to some client specifics (IP, user agent, …) and give it an expiration date for increased security (you could extend the lifetime in the background if it’s about to expire).
Just an inspiration; if you make it work with server sessions, that’s probably easier to implement.
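
The signed-cookie approach from the answer above, as an added example (not part of the original posts and not the code from the linked gist): an HS256 token carrying an expiry and a user-agent binding, in plain PHP. Function names, claim names and sample values are assumptions.

```php
<?php
declare(strict_types=1);
// Added example; function and claim names are hypothetical, not Flow API.
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64urlDecode(string $txt): string
{
    return (string)base64_decode(strtr($txt, '-_', '+/') . str_repeat('=', (4 - strlen($txt) % 4) % 4), true);
}

function issueToken(string $user, string $userAgent, string $key, int $ttl, int $now): string
{
    $header = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    // The payload is signed, not encrypted: keep secrets out of it.
    $claims = b64url(json_encode([
        'sub' => $user,
        'exp' => $now + $ttl,
        'ua'  => hash('sha256', $userAgent), // binds the token to the client
    ], JSON_THROW_ON_ERROR));
    return "$header.$claims." . b64url(hash_hmac('sha256', "$header.$claims", $key, true));
}

function verifyToken(string $token, string $userAgent, string $key, int $now): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    // Fixed algorithm: the "alg" header from the cookie is never consulted.
    $expected = b64url(hash_hmac('sha256', "$parts[0].$parts[1]", $key, true));
    if (!hash_equals($expected, $parts[2])) {
        return null;
    }
    $claims = json_decode(b64urlDecode($parts[1]), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
        return null;
    }
    return hash_equals((string)($claims['ua'] ?? ''), hash('sha256', $userAgent)) ? $claims : null;
}

$key = random_bytes(32);   // in production: a stable secret kept on the server
$now = 1700000000;         // constructed timestamp
$token = issueToken('jane', 'ExampleBrowser/1.0', $key, 30 * 86400, $now);
var_dump(verifyToken($token, 'ExampleBrowser/1.0', $key, $now + 3600));       // same client, before expiry
var_dump(verifyToken($token, 'OtherBrowser/2.0', $key, $now + 3600));         // different user agent
var_dump(verifyToken($token, 'ExampleBrowser/1.0', $key, $now + 31 * 86400)); // after expiry
```

When sending the token with `setcookie()`, set the `secure`, `httponly` and `samesite` options. Re-issuing a fresh token when `exp` is close gives the background lifetime extension mentioned above.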