You can set the session expiration time in your config file under the framework section. Mine looks like this: config.yml framework: secret: %secret% charset: UTF-8 error_handler: null csrf_protection: enabled: true router: { resource: “%kernel.root_dir%/config/routing.yml” } validation: { enabled: true, annotations: true } templating: { engines: [‘twig’] } #assets_version: SomeVersionScheme session: default_locale: %locale% cookie_lifetime: 3600 // … Read more
You can get a request parameter id using the expression: <h:outputText value=”#{param[‘id’]}” /> param—An immutable Map of the request parameters for this request, keyed by parameter name. Only the first value for each parameter name is included. sessionScope—A Map of the session attributes for this request, keyed by attribute name. Section 5.3.1.2 of the JSF … Read more
The session cookie is per-process not per window. So even if you selected New Window you’d still get the same session id. This behavior makes sense. You wouldn’t want a user to re-sign in each time they opened a new window while browsing your site. I’m not aware off hand of any real way around … Read more
You can share sessions between web applications by using a Single Sign-On Valve. You would set crossContext=true if you wanted to share some information between different Web Applications in the same Virtual Host. For example app1 would call: setAttribute(“name”, object); and another app could call getContext(“/app1”).getAttribute(“name”); to read the information. If crossContext wasn’t set to … Read more
If someone writes a URL and tries to jump the login page, how can I check that and redirect him to the login page? You seem to using homegrown authentication. In that case, you need to implement a servlet filter. JSF stores session scoped managed beans as attributes of HttpSession, so you could just check … Read more
JWT doesn’t have a benefit over using “sessions” per se. JWTs provide a means of maintaining session state on the client instead of doing it on the server. What people often mean when asking this is “What are the benefits of using JWTs over using Server-side sessions“. With server-side sessions, you will either have to … Read more
I named this the Remote Session pattern in my 2001 book. The idea is to have a singleton RMI object, bound in the Registry, with nothing but a login() method. That method, if successful, returns a new RemoteSession object for every call, that contains the API you need for the session. RemoteSession is another remote … Read more
For ASP.NET Core 2.1 and 2.2 In the ConfigureServices method of the Startup class, Set options.CheckConsentNeeded = context => false; as follows: services.Configure<CookiePolicyOptions>(options => { // This lambda determines whether user consent for non-essential cookies is needed for a given request. options.CheckConsentNeeded = context => false; options.MinimumSameSitePolicy = SameSiteMode.None; }); Problem solved!
You have to implement it with a kernel listener, this is the way I solve it: Listener src/Comakai/MyBundle/Handler/SessionIdleHandler.php namespace Comakai\MyBundle\Handler; use Symfony\Component\HttpKernel\HttpKernelInterface; use Symfony\Component\HttpKernel\Event\GetResponseEvent; use Symfony\Component\HttpFoundation\Session\SessionInterface; use Symfony\Component\Routing\RouterInterface; use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; class SessionIdleHandler { protected $session; protected $securityToken; protected $router; protected $maxIdleTime; public function __construct(SessionInterface $session, TokenStorageInterface $securityToken, RouterInterface $router, $maxIdleTime = 0) { … Read more