Forever sessions
Toddappleton (Talk | contribs) |
Toddappleton (Talk | contribs) |
||
| Line 5: | Line 5: | ||
To set up forever sessions, configure <code>DF_ALLOW_FOREVER_SESSIONS</code> and <code>DF_JWT_TTL</code> in the <code>.env</code> file. Note that <code>DF_JWT_REFRESH_TTL</code> will be ignored once <code>DF_ALLOW_FOREVER_SESSIONS</code> is set to <code>true</code>. | To set up forever sessions, configure <code>DF_ALLOW_FOREVER_SESSIONS</code> and <code>DF_JWT_TTL</code> in the <code>.env</code> file. Note that <code>DF_JWT_REFRESH_TTL</code> will be ignored once <code>DF_ALLOW_FOREVER_SESSIONS</code> is set to <code>true</code>. | ||
| − | The <code>.env</code> file for a DreamFactory instance is located at the installation's root directory. Refer to the example <code>.env-dist</code> file [https://github.com/dreamfactorysoftware/dreamfactory/blob/master/.env-dist provided in the GitHub repository here]. | + | The <code>.env</code> file for a DreamFactory instance is located at the installation's root directory. Refer to the example <code>.env-dist</code> file [https://github.com/dreamfactorysoftware/dreamfactory/blob/master/.env-dist provided in the GitHub repository here]. <br /> |
'''1. Set <code>DF_ALLOW_FOREVER_SESSIONS</code>''' | '''1. Set <code>DF_ALLOW_FOREVER_SESSIONS</code>''' | ||
| − | + | ||
| − | + | In <code>.env</code>, add or un-comment this line and set the value to <code>true</code>: | |
| − | + | ||
| − | + | <pre>DF_ALLOW_FOREVER_SESSIONS=true</pre> | |
| − | + | ||
| − | :: < | + | To make sure forever session is enabled, make the following API call. |
| + | |||
| + | <pre>GET http://{url}/api/v2/system/environment</pre> | ||
| + | |||
| + | Look for the following in your response. | ||
| + | |||
| + | <pre> | ||
| + | ... | ||
| + | "authentication":{ | ||
| + | .... | ||
| + | "allow_forever_sessions":true | ||
| + | .... | ||
| + | } | ||
| + | ... | ||
| + | </pre> | ||
'''2. Set <code>DF_JWT_TTL</code>''' | '''2. Set <code>DF_JWT_TTL</code>''' | ||
| − | + | ||
| − | + | In <code>.env</code>, add or un-comment this line and set the value to your desired TTL in minutes. A session refresh will be required to receive a new session token after this many minutes. | |
| − | + | ||
| − | + | <pre>DF_JWT_TTL=720</pre> | |
| − | + | ||
| − | + | The above setting will require a session refresh every 12 hours (720 minutes). | |
| − | + | ||
| − | + | ||
'''3. Clear config''' | '''3. Clear config''' | ||
| − | + | ||
| − | + | Run this command from the root directory for your DreamFactory instance installation. | |
| − | + | ||
| − | + | <code>php artisan config:clear</code> | |
| − | + | ||
== Usage == | == Usage == | ||
Revision as of 20:12, 30 June 2016
This tutorial builds on the concepts covered in the other User Authentication tutorials. Normally JWT session tokens can only be refreshed prior to the DF_JWT_REFRESH_TTL timer expiring. By enabling forever sessions you can force the system to ignore DF_JWT_REFRESH_TTL and allow refresh at any time (forever). This is similar to the Facebook model, where a device remains logged into an account forever, unless explicitly logged out. The session token will still expire after DF_JWT_TTL and require refreshing, but it can be refreshed forever.
Configuration
To set up forever sessions, configure DF_ALLOW_FOREVER_SESSIONS and DF_JWT_TTL in the .env file. Note that DF_JWT_REFRESH_TTL will be ignored once DF_ALLOW_FOREVER_SESSIONS is set to true.
The .env file for a DreamFactory instance is located at the installation's root directory. Refer to the example .env-dist file provided in the GitHub repository here.
1. Set DF_ALLOW_FOREVER_SESSIONS
In .env, add or un-comment this line and set the value to true:
DF_ALLOW_FOREVER_SESSIONS=true
To make sure forever session is enabled, make the following API call.
GET http://{url}/api/v2/system/environment
Look for the following in your response.
...
"authentication":{
....
"allow_forever_sessions":true
....
}
...
2. Set DF_JWT_TTL
In .env, add or un-comment this line and set the value to your desired TTL in minutes. A session refresh will be required to receive a new session token after this many minutes.
DF_JWT_TTL=720
The above setting will require a session refresh every 12 hours (720 minutes).
3. Clear config
Run this command from the root directory for your DreamFactory instance installation.
php artisan config:clear
Usage
- A forever session is instantiated if the client sets
"remember_me": trueat login. - Forever sessions may be refreshed to receive a new session token at any time, including after
DF_JWT_REFRESH_TTLexpires. - If a session is deleted, it may no longer be refreshed. Logging in again with valid credentials will be required.
