src/EventListener/UserSessionTracker.php line 90

Open in your IDE?
  1. <?php
  3. namespace App\EventListener;
  5. use App\Entity\UserSessionLog;
  6. use App\Repository\UserSessionLogRepository;
  7. use DateTime;
  8. use Doctrine\ORM\EntityManagerInterface;
  9. use Exception;
  10. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  11. use Symfony\Component\HttpKernel\Event\RequestEvent;
  12. use Symfony\Component\HttpKernel\KernelEvents;
  13. use Symfony\Component\HttpKernel\KernelInterface;
  14. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  15. use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
  16. use Symfony\Component\Security\Http\Event\LogoutEvent;
  17. use Symfony\Component\Security\Http\SecurityEvents;
  19. class UserSessionTracker implements EventSubscriberInterface
  20. {
  21.     private const ACTIVITY_UPDATE_INTERVAL 10// Update activity every 10 seconds (for testing, use 60 in production)
  23.     public function __construct(
  24.         private EntityManagerInterface $entityManager,
  25.         private UserSessionLogRepository $sessionLogRepository,
  26.         private TokenStorageInterface $tokenStorage,
  27.         private KernelInterface $kernel
  28.     ) {
  29.     }
  31.     public static function getSubscribedEvents(): array
  32.     {
  33.         return [
  34.             SecurityEvents::INTERACTIVE_LOGIN => 'onLogin',
  35.             LogoutEvent::class => 'onLogout',
  36.             KernelEvents::REQUEST => 'onRequest',
  37.         ];
  38.     }
  40.     /**
  41.      * Handle user login event
  42.      */
  43.     public function onLogin(InteractiveLoginEvent $event): void
  44.     {
  45.         error_log("UserSessionTracker::onLogin() CALLED at " date('Y-m-d H:i:s'));
  46.         $this->writeLog(" - LOGIN: onLogin called\n");
  48.         $user $event->getAuthenticationToken()->getUser();
  49.         $request $event->getRequest();
  51.         if (!$user || !method_exists($user'getId')) {
  52.             $this->writeLog(" - LOGIN: No valid user\n");
  53.             return;
  54.         }
  56.         $sessionId $request->getSession()->getId();
  57.         $this->writeLog(" - LOGIN: Session ID: $sessionId, User: " $user->getUserIdentifier() . "\n");
  59.         try {
  60.             // Check if session already exists (avoid duplicates)
  61.             $existingSession $this->sessionLogRepository->findActiveBySessionId($sessionId);
  62.             if ($existingSession) {
  63.                 $this->writeLog(" - LOGIN: Session already exists, skipping\n");
  64.                 return;
  65.             }
  67.             $sessionLog = new UserSessionLog();
  68.             $sessionLog->setUser($user);
  69.             $sessionLog->setUsername($user->getUserIdentifier() ?? null);
  70.             $sessionLog->setEmail($user->getEmail() ?? null);
  71.             $sessionLog->setLoginAt(new DateTime());
  72.             $sessionLog->setLastActivityAt(new DateTime());
  73.             $sessionLog->setIpAddress($request->getClientIp());
  74.             $sessionLog->setUserAgent($request->headers->get('User-Agent'));
  75.             $sessionLog->setSessionId($sessionId);
  77.             $this->entityManager->persist($sessionLog);
  78.             $this->entityManager->flush();
  79.             $this->writeLog(" - LOGIN: Session created successfully\n");
  80.         } catch (Exception $e) {
  81.             $this->writeLog(" - LOGIN ERROR: " $e->getMessage() . "\n");
  82.             // Don't fail the login process if session logging fails
  83.             return;
  84.         }
  85.     }
  87.     /**
  88.      * Handle user logout event
  89.      */
  90.     public function onLogout(LogoutEvent $event): void
  91.     {
  92.         error_log("UserSessionTracker::onLogout() CALLED at " date('Y-m-d H:i:s'));
  93.         $request $event->getRequest();
  94.         $sessionId $request->getSession()->getId();
  96.         $this->writeLog(" - LOGOUT: onLogout called for session_id: $sessionId\n");
  98.         try {
  99.             $sessionLog $this->sessionLogRepository->findActiveBySessionId($sessionId);
  101.             if (!$sessionLog) {
  102.                 $this->writeLog(" - LOGOUT: No active session found by session_id\n");
  104.                 // Session ID might have been regenerated - try to find by user
  105.                 $token $this->tokenStorage->getToken();
  106.                 if ($token && $token->getUser() && method_exists($token->getUser(), 'getId')) {
  107.                     $user $token->getUser();
  108.                     $this->writeLog(" - LOGOUT: Searching by user_id: " $user->getId() . "\n");
  110.                     // Find the most recent active session for this user
  111.                     $sessionLog $this->sessionLogRepository->findOneBy(
  112.                         ['user' => $user'logoutAt' => null],
  113.                         ['loginAt' => 'DESC']
  114.                     );
  116.                     if (!$sessionLog) {
  117.                         $this->writeLog(" - LOGOUT: No active session found for user\n");
  118.                         return;
  119.                     }
  121.                     $this->writeLog(" - LOGOUT: Found session by user with session_id: " $sessionLog->getSessionId() . "\n");
  122.                 } else {
  123.                     $this->writeLog(" - LOGOUT: No authenticated user found\n");
  124.                     return;
  125.                 }
  126.             }
  127.             $this->writeLog(" - LOGOUT: Closing session for user: " $sessionLog->getUsername() . "\n");
  128.             $logoutTime = new DateTime();
  129.             $sessionLog->setLogoutAt($logoutTime);
  130.             $sessionLog->setLastActivityAt($logoutTime);
  131.             $sessionLog->setLogoutType('manual'); // User clicked logout
  133.             $this->entityManager->flush();
  134.             $this->writeLog(" - LOGOUT: Session closed successfully\n");
  135.         } catch (Exception $e) {
  136.             $this->writeLog(" - LOGOUT ERROR: " $e->getMessage() . "\n");
  137.             return;
  138.         }
  139.     }
  141.     /**
  142.      * Update last activity timestamp on each request
  143.      * ONLY if session hasn't been closed (no logoutAt)
  144.      */
  145.     public function onRequest(RequestEvent $event): void
  146.     {
  147.         error_log("UserSessionTracker::onRequest() CALLED at " date('Y-m-d H:i:s'));
  148.         $this->writeLog(" - onRequest called\n");
  150.         // Only track main requests, not sub-requests
  151.         if (!$event->isMainRequest()) {
  152.             $this->writeLog(" - Not main request, skipping\n");
  153.             return;
  154.         }
  156.         $request $event->getRequest();
  158.         // Skip if no session
  159.         if (!$request->hasSession()) {
  160.             $this->writeLog(" - No session\n");
  161.             return;
  162.         }
  164.         $session $request->getSession();
  166.         // Skip if session not started
  167.         if (!$session->isStarted()) {
  168.             $this->writeLog(" - Session not started\n");
  169.             return;
  170.         }
  172.         $sessionId $session->getId();
  173.         $this->writeLog(" - Session ID: $sessionId\n");
  175.         // Check if we should update activity (throttle updates)
  176.         $lastUpdate $session->get('_session_log_last_update');
  177.         $now time();
  179.         if ($lastUpdate && ($now $lastUpdate) < self::ACTIVITY_UPDATE_INTERVAL) {
  180.             $this->writeLog(" - Throttled (last update: $lastUpdate, now: $now)\n");
  181.             return;
  182.         }
  184.         $this->writeLog(" - Checking DB for session\n");
  186.         try {
  187.             $sessionLog $this->sessionLogRepository->findActiveBySessionId($sessionId);
  188.         } catch (Exception $e) {
  189.             // Skip if Doctrine is not ready yet (during cache warming, etc.)
  190.             $this->writeLog(" - Doctrine not ready: " $e->getMessage() . "\n");
  191.             return;
  192.         }
  194.         if (!$sessionLog) {
  195.             $this->writeLog(" - No session log found in DB\n");
  197.             // Session ID might have been regenerated after login - try to find by user
  198.             // Check if user is authenticated
  199.             $token $this->tokenStorage->getToken();
  200.             if ($token && $token->getUser() && method_exists($token->getUser(), 'getId')) {
  201.                 $user $token->getUser();
  202.                 $this->writeLog(" - User authenticated, searching by user_id: " $user->getId() . "\n");
  204.                 // Find the most recent session for this user (open OR closed by timeout)
  205.                 // First try to find an open session
  206.                 try {
  207.                     $sessionLog $this->sessionLogRepository->findOneBy(
  208.                         ['user' => $user'logoutAt' => null],
  209.                         ['loginAt' => 'DESC']
  210.                     );
  211.                 } catch (Exception $e) {                    
  212.                     $this->writeLog(" - Error finding session: " $e->getMessage() . "\n");
  213.                     return;
  214.                 }
  216.                 // If no open session, try to find the most recent timeout session
  217.                 if (!$sessionLog) {
  218.                     try {
  219.                         $sessionLog $this->sessionLogRepository->findOneBy(
  220.                             ['user' => $user'logoutType' => 'timeout'],
  221.                             ['loginAt' => 'DESC']
  222.                         );
  223.                     } catch (Exception $e) {
  224.                         $this->writeLog(" - Error finding timeout session: " $e->getMessage() . "\n");
  225.                         return;
  226.                     }
  228.                     if ($sessionLog) {
  229.                         $this->writeLog(" - Found timeout session by user, reopening with session_id: $sessionId\n");
  230.                     }
  231.                 }
  233.                 if ($sessionLog) {
  234.                     $this->writeLog(" - Found session by user, updating session_id from " $sessionLog->getSessionId() . " to $sessionId\n");
  235.                     // Update the session_id (Symfony regenerated it after login)
  236.                     $sessionLog->setSessionId($sessionId);
  237.                     $this->entityManager->flush();
  238.                 } else {
  239.                     $this->writeLog(" - No session found for user (neither open nor timeout)\n");
  240.                     return;
  241.                 }
  242.             } else {
  243.                 return;
  244.             }
  245.         }
  246.         
  247.         $this->writeLog(" - Found session for user: " $sessionLog->getUsername() . "\n");
  249.         // Check if session was auto-closed by timeout - reopen it
  250.         if ($sessionLog->getLogoutAt() !== null) {
  251.             if ($sessionLog->getLogoutType() === 'timeout') {
  252.                 $this->writeLog(" - Session was auto-closed, reopening\n");
  253.                 $sessionLog->setLogoutAt(null);
  254.                 $sessionLog->setLogoutType(null);
  255.                 $sessionLog->setDuration(null);
  256.             } else {
  257.                 // Manual logout - don't reopen
  258.                 $this->writeLog(" - Session manually closed, not reopening\n");
  259.                 return;
  260.             }
  261.         }
  262.         
  263.         $this->writeLog(" - Updating lastActivityAt\n");
  264.         $sessionLog->setLastActivityAt(new DateTime());
  265.         $this->entityManager->flush();
  266.         $this->writeLog(" - Updated successfully\n");
  268.         // Update throttle timestamp
  269.         $session->set('_session_log_last_update'$now);
  270.     }
  272.     // 🔹 Función helper para escribir logs portables
  273.     private function writeLog(string $message): void
  274.     {
  275.         $logDir $this->kernel->getProjectDir() . '/var/tmp';
  276.         if (!is_dir($logDir)) {
  277.             mkdir($logDir0777true);
  278.         }
  279.         $logFile $logDir '/session_tracker.log';
  280.         file_put_contents($logFiledate('Y-m-d H:i:s') . " - $message\n"FILE_APPEND);
  281.     }
  282. }