Session expires automatic redirection to login

When I log out, the redirection to the login is executed, this is correct, but when the session expires nothing happens, I cannot access other pages but there is no notice of expired session.

I want that when the session expires it is automatically redirected to the login or at least that when a user gives a link it is redirected to the login. Where and how do I configure this? Since I have been looking at the documentation, but I do not see anywhere how to implement this. Thank you

In cakephp 3.6

Hi @bichomen,

Please add your auth configuration code for more understanding.



  $this->loadComponent('RequestHandler', [
            'enableBeforeRedirect' => false,
          'authorize' => ['Controller'],
          'authenticate' => [
            'Form' => [
              'finder' => 'auth',
              'fields' => [
                'username' => 'email',
                'password' => 'password'
              'userModel' => 'Users'
          'loginAction' => [
            'controller' => 'Users',
            'action' => 'login'
          'loginRedirect' => [
            'controller' => 'Efemerides',
            'action' => 'index'
          'logoutRedirect' => [
            'controller' => 'Users',
            'action' => 'login'
          'unauthorizedRedirect' => $this->referer()

In UserController:

  public function logout() {
      $url = '/users/login/';
      return $this->redirect($url);

In app.php:

'Session' => [
        'defaults' => 'database',
        'handler' => [
          'engine' => 'DatabaseSession',
          'model' => 'Sessions'
        'cookie' => 'arbol_login',
        'timeout' => 30,
        'autoRegenerate' => true,
        'ini' => [
            'session.cookie_lifetime' => 1440

Currently the logout only works for me when the user manually closes the session, but if the session expires, I want it to automatically redirect to the login page. And that is not working.

The session expires, but remains on the page where you are.

Is “the page where you are” a page that can be viewed without being logged in?

Hi @bichomen,

The option unauthorizedRedirect is responsible to redirect unauthorized user to the referrer URL or loginAction or ‘/’, as per the documentation. By default it is true so you do not need to specify it to $this->referer(), you can remove that and check if it works.

No, if you are on a page that only the user can see and the session expires, while the page is left, it stays there, although you cannot access other pages either.

Yes, you are right about that, but it still doesn’t work.

So, you’re looking for something that actively sends the user away from the page that they are on when their session expires?

Yes, I already have autoregenerate activated, so that when the user browses the session is updated, but if the user does not interact with the page I want one of these options:

  • The login page appears
  • That when you click on a link, it will take you to the login page
  • Or that you get a message advising you that the session has expired.

But no, the current behavior, which does nothing.

I think the normal way of doing this would be to have a heartbeat process in JavaScript that makes an Ajax call every X seconds to check the session, and do whatever you want when it comes back as expired.

For this as @Zuluru suggested you have to use ajax to do this type of work. No server side framework can do this for you by default.

It’s what I imagined, thanks