CakePHP - Auto logout after time limit of user being idle

I have set up a meta tag in my layout to ensure that the user is logged out after a set time if they remain idle.

<meta http-equiv="refresh" content="3600;url=http://www.example.com/users/logout/redirect:%2Fusers%2Faccount" />

As you can see, I'm trying to pass the current URL (encoded) as a redirect parameter, so that when the logout action is called and redirects to the login page, t开发者_JAVA百科he login page will know which page to redirect the user back to whatever they were doing when the system auto logged them out.

However, when the auto logout occurs, it redirects to http://www.example.com/users/logout/redirect:%2Fusers%2Faccount as expected, but I get a 404 error:

/users/logout/redirect:/users/account was not found

What am I doing wrong here?

My understanding at least, is that is not possible to achieve this using urlencode due to how the slashes will be translated and handled by Cake. I'm not sure on the specifics however!

One solution would be to use base64_encode and base64_decode instead on the URL.

You may be able to set up a route with some regex to handle the extra slashes correctly.

echo 'http://example.com/users/logout/redirect:' . base64_encode('users/account');
//http://example.com/users/logout/redirect:dXNlcnMvYWNjb3VudA==

You can set the timeout in the core file.

To redirect after the login you need to add

$this->Auth->autoRedirect = true;

in the app_controller. (See preparing to add auth and AuthComponent Class)

The auth component will notice that the page you're trying to see is controlled. So after rendering the login page, it will store the page's url in session. To test it, you can do a print_r($_SESSION) in the login view and you will see it under $_SESSION['Auth']['redirect']

And that's it =) Good Luck

Let's make it easier. I use Cake 3.2 but I think the old versions are same.

Config the routes info. In Cake 3.2 is in /config/routes.php

$routes->connect('/logout', ['controller' => 'Users', 'action' => 'logout']);

Now you will logout by access to URL http://domain.com/logout instead of http://domain.com/Users/logout.

Base on your meta tag:

<meta http-equiv="refresh" content="3600;/logout" />

Try it, it worked for me :D