PHPJunkyard support forum

Posted: **Thu Sep 12, 2024 3:57 pm**

I have implementation which give me possibilite login to hesk via keycloak. Below part of code. Everything works but I hew few questions.
1. I know that session in hesk works on the base parametr session.gc_maxlifetime but How it works on page admin_main.php where is autorefresh page?
2. How long works session when user works all the time?

Code: Select all

 
//Login via AOuth
if(isset($_SESSION['logged_keykloak_auth'])) 
{ 
	//Check user by email logged 
	$result = hesk_dbQuery("SELECT user FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `email` = '".hesk_dbEscape($_SESSION['email_auth'])."' LIMIT 1"); 

	if(hesk_dbNumRows($result) == true)
	{ 
		//Find user in database 
		$row = $result->fetch_assoc(); 

		$result2 = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `user` = '".hesk_dbEscape($row['user'])."' LIMIT 1"); 
		$user_row = hesk_dbFetchAssoc($result2); 

		process_successful_login($user_row); 
		exit(); 
	} 
	else 
	{  
		//Redericted when not find user in database 
		header('Location:index.php?user=unfinded'); 
		exit(); 
	} 
}

Posted: **Thu Sep 12, 2024 6:05 pm**

Hesk doesn't do anything special; it just uses the built-in PHP session functions.

You may want to look at and study hesk_session_start function from the /inc/common.inc.php file.

Posted: **Fri Sep 13, 2024 8:49 am**

I checked file common.inc.php but I didn't find any inform which I didn't know. Tell me, what will happend on page admin_main.php where I have set auto refresh on 60 seconds. Siession never expire?

Posted: **Fri Sep 13, 2024 2:15 pm**

The page reloads and the session restarts, yes.

Posted: **Sun Sep 15, 2024 8:25 am**

I would like to keep session in Keycloak so could you tell me, can I use session_regenerate_id ? in my logic? I have logic when every request/refresh page check validy access token in keycloak, if access token expired, refresh token create new access token.

Posted: **Sun Sep 15, 2024 8:46 am**

session_regenerate_id just changed the ID of the session, it doesn't change any of the data:
https://www.php.net/manual/en/function. ... ate-id.php

It's commonly used to prevent session fixation so you should generally use it when you handle authentication changes:
https://stackoverflow.com/questions/229 ... enerate-id

Why, when and if you need to use it in your code is up to you, that's not something we can help with.

PHPJunkyard support forum

Hesk and login via Auth

Hesk and login via Auth

Re: Hesk and login via Auth

Re: Hesk and login via Auth

Re: Hesk and login via Auth

Re: Hesk and login via Auth

Re: Hesk and login via Auth