I want to refresh the session timeout every time a logged in user calls the user frontend.
For that I added the s::restart(); line at the top of every frontend page.
My problem is that the session is not restarting, meaning the $_SESSION stays the same and the user is logged out after the timeout.
The goal is having an on-site javascript timer, that displays the time to session expiration and resets every time the user clicks a link and calls the server. The use-case is having a more secure session management, that logs out the user after 8 minutes of inactivity, similar to the session managing that many online banking platforms are using.
I think you’ll find a basic solution to your problem is already implemented into Kirby by default.
Kirby keeps a session token called “kirby_session_activity” that holds a timestamp, updated on each request.
["kirby_session_activity"]=> int(1520591607)
Inside the Kirby toolkit you can find this code, handling session timeouts
public static function check() {
// check for the last activity and compare it with the session timeout
if(isset($_SESSION['kirby_session_activity']) && time() - $_SESSION['kirby_session_activity'] > static::$timeout * 60) {
return false;
}
$_SESSION['kirby_session_activity'] = time();
return true;
}
As you can see this is basically what you are trying to implement. A timestamp that updates on each request, and a session destroy when the user’s timeout has expired. Maybe you could use XmlHttpRequests to fetch $_SESSION[“kirby_session_activity”], parse the timestamp into a countdown and display that on your website?