Increase google login session time with Laravel 4


6

I work with Google API 3.0.

My Laravel session expires in 5 years (so as not to log out anyway). But the Google session lasts 3 hours, i.e., if the system sits idle for 3 hours it logs out of Google, but not out of the Laravel system.

What I want is to stay logged in to Google for longer than 3 hours. How do I do it?

  • 1

    The problem there is not in Laravel; if the Google API does not give you the option to set the session time, you will not be able to do anything.

  • Can you add to your question how you are logging in? Your code will allow us to evaluate the appropriate solution; without it, it is difficult to give an answer that solves your problem.

  • There are not many ways to log in to Google: https://github.com/google/google-api-php-client

1 answer

2

The access token expires after a short time, apparently for reasons of access security. If it is compromised, the access expires after a short time, and the threat with it.

But there is the refresh token, which can be used to update the session and thus generate another access token, contributing to a longer session.

Concept

// perform the login operations...

// collect the access token
$_SESSION['token'] = $client->getAccessToken();

// if we have the access token
if (isset($_SESSION['token']) && $_SESSION['token'] != '') {

  // set a new access token
  $client->setAccessToken($_SESSION['token']);

  /* Decode the JSON that we stored in the session variable
   * and put it into a variable in the form of an object
   */
  $sessionToken = json_decode($_SESSION['token']);

  /* store the refresh token in a cookie named "token",
   * giving it a longer lifetime
   */
  setcookie("token", $sessionToken->refresh_token, time()+60*60*24*30);  /* 1 month lifetime */
}

Update the session if you have to re-login

Where the access token is needed, we can check the cookie:

  • If it is empty, we must request a new access token and a new token by means of authentication;
  • If it is not empty, let's tell the client to update the token:

    if (isset($_COOKIE['token']) && $_COOKIE['token'] != '') {
      $client->refreshToken($_COOKIE['token']);
    }
    

    We’re basically updating the token with the help of the refresh token, without having to log in again.

Notes:

  • The code shown should be adapted to your scenario.
  • You should take into account that, for security purposes, the token that you are saving to extend the life of the session should be kept in a database instead of a cookie.
  • Although I haven’t found the lifetimes of the access token and the refresh token, we can read (in English) that refresh tokens were created for the purpose of being "super-durable", precisely to avoid always involving the user in the session renewals:

    Short-lived tokens with Long-lived authorizations

    Instead of issuing a long lasting token (typically good for a year or unlimited lifetime), the server can issue a short-lived access token and a long lived refresh token. This allows clients to obtain a new access token without having to involve the user again, but keeps access tokens limited. This feature was adopted from Yahoo!’s BBAuth protocol and later its OAuth 1.0 Session Extension.

    That translated:

    Short-term tokens with long-term authorizations

    Instead of issuing a long-term token (usually good for a year or unlimited lifetime), the server can issue a short-term access token and a long-term refresh token. This allows the client to obtain a new access token without the need to involve the user again, but keeps access tokens limited. This feature was adopted from the Yahoo! BBAuth protocol and later from its OAuth 1.0 session extension.


This answer is an adaptation, to an anonymous format, of the answer given by @hope_industries on SOEN.
Consult that answer for the practical case treated there.

  • The answer illustrates the concept of making use of the refresh token in order to obtain a new access token without involving the user. I think this is the solution to your problem. I tried to be as clear as I could, even though your question does not specifically indicate how you are doing the whole process. If you need anything, leave a comment and I will try to help more.

  • To whoever downvoted this answer: a comment would be good, to understand the reason.
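
The answer's note about keeping the refresh token in a database rather than a cookie, worked through as an added example that is not part of the original answer or of the Google client library. It assumes a PDO connection, a hypothetical `google_tokens` table and hypothetical function names, and a client version in which `getAccessToken()` returns a JSON string, as the answer's `json_decode()` call implies; `isAccessTokenExpired()` is a client method the page itself does not use.

```php
<?php
// Added example. Assumed table (hypothetical name):
//   google_tokens(user_id INTEGER PRIMARY KEY, refresh_token TEXT NOT NULL)

// After login: keep the refresh token server-side instead of in a cookie.
function storeRefreshToken(PDO $db, $userId, $accessTokenJson)
{
    $token = json_decode($accessTokenJson);
    // refresh_token can be absent from a token response; never store an empty one.
    if (!is_object($token) || empty($token->refresh_token)) {
        return false;
    }
    $stmt = $db->prepare(
        'REPLACE INTO google_tokens (user_id, refresh_token) VALUES (?, ?)'
    );
    return $stmt->execute(array($userId, $token->refresh_token));
}

// Before an API call: make sure $client holds a valid access token.
// Returns false when the user has to go through the Google login again.
function ensureAccessToken($client, PDO $db, $userId)
{
    if (!empty($_SESSION['token'])) {
        $client->setAccessToken($_SESSION['token']);
        if (!$client->isAccessTokenExpired()) {
            return true; // current access token is still valid
        }
    }
    $stmt = $db->prepare('SELECT refresh_token FROM google_tokens WHERE user_id = ?');
    $stmt->execute(array($userId));
    $refreshToken = $stmt->fetchColumn();
    if ($refreshToken === false) {
        return false; // nothing stored for this user
    }
    try {
        $client->refreshToken($refreshToken); // same call the answer uses
    } catch (Exception $e) {
        // Assumed: a rejected (e.g. revoked) refresh token makes the client throw.
        // Drop the stored token so it is not retried, and force a new login.
        $db->prepare('DELETE FROM google_tokens WHERE user_id = ?')
           ->execute(array($userId));
        unset($_SESSION['token']);
        return false;
    }
    $_SESSION['token'] = $client->getAccessToken();
    return true;
}
```

With this layout the browser only ever holds the application's own session cookie, so a stolen cookie does not hand over the long-lived Google credential.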
