Laravel 5 Session Lifetime

Check your php.ini for: session.gc_maxlifetime – Default 1440 secs – 24 mins. session.gc_maxlifetime specifies the number of seconds after which data will be seen as ‘garbage’ and potentially cleaned up. Garbage collection may occur during session start (depending on session.gc_probability and session.gc_divisor). session.cookie_lifetime – Default 0. session.cookie_lifetime specifies the lifetime of the cookie in seconds … Read more

Unable to serialize the session state

Can we see the “Gebruiker” class? There error seems straightforward enough. Gebruiker is not attributed as being Serializable therefore it can’t be placed in Session for StateServer and SQLServer modes. EDIT: After looking at the code you linked in, yes, it’s probably because the class isn’t serializable. The LINQ generated class should be a partial … Read more

Can a user alter the value of $_SESSION in PHP?

Storing variables in the $_SESSION variable has two potentials for “insecurity”. The first as described by the other answer is called “session fixation”. The idea here is that since the session ID is stored in a cookie, the ID can be changed to that of another user’s. This is not a problem if a user … Read more

Understanding CSRF

The attacker has no way to get the token. Therefore the requests won’t take any effect. I recommend this post from Gnucitizen. It has a pretty decent CSRF explanation: http://www.gnucitizen.org/blog/csrf-demystified/

How to set session timeout dynamically in Java web applications?

Instead of using a ServletContextListener, use a HttpSessionListener. In the sessionCreated() method, you can set the session timeout programmatically: public class MyHttpSessionListener implements HttpSessionListener { public void sessionCreated(HttpSessionEvent event){ event.getSession().setMaxInactiveInterval(15 * 60); // in seconds } public void sessionDestroyed(HttpSessionEvent event) {} } And don’t forget to define the listener in the deployment descriptor: <webapp> … … Read more

How do check if a PHP session is empty? [duplicate]

I would use isset and empty: session_start(); if(isset($_SESSION[‘blah’]) && !empty($_SESSION[‘blah’])) { echo ‘Set and not empty, and no undefined index error!’; } array_key_exists is a nice alternative to using isset to check for keys: session_start(); if(array_key_exists(‘blah’,$_SESSION) && !empty($_SESSION[‘blah’])) { echo ‘Set and not empty, and no undefined index error!’; } Make sure you’re calling session_start … Read more