views:

314

answers:

1

Hi stackoverflowers, I'm currently working on a project with the php framework symfony. I've configured secured pages, defined 30 minutes for the session timeout and set the page where the user should be redirect if an unauthenticated user tries to access a secured page.

I've remarked that he is also redirected there if he tries to access a secured page after his session has expired. In this case, I would like to display a message basically saying that "Your session has expired. Please reconnect."

How could I achieve this?

Many Thanks.

+1  A: 

You can set a cookie on each successful authentication. Then, if the session is empty, but the cookie is present, you say "Session expired".

Another, uglier way, which will work even with cookies disabled: always add the session ID to the URL. Then, again, if it's present in the URL, but the session is empty, we're in the expiration situation.

Ivan Krechetov
I'd prefer to implement it as a filter
develop7