src/EventListener/UserSessionTracker.php line 176

Open in your IDE?
  1. <?php
  3. namespace App\EventListener;
  5. use App\Entity\UserSessionLog;
  6. use App\Repository\UserSessionLogRepository;
  7. use DateTime;
  8. use Doctrine\ORM\EntityManagerInterface;
  9. use Exception;
  10. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  11. use Symfony\Component\HttpKernel\Event\RequestEvent;
  12. use Symfony\Component\HttpKernel\KernelEvents;
  13. use Symfony\Component\HttpKernel\KernelInterface;
  14. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  15. use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
  16. use Symfony\Component\Security\Http\Event\LogoutEvent;
  17. use Symfony\Component\Security\Http\SecurityEvents;
  19. class UserSessionTracker implements EventSubscriberInterface
  20. {
  21. private const ACTIVITY_UPDATE_INTERVAL = 10; // Update activity every 10 seconds (for testing, use 60 in production)
  23. public function __construct(
  24. private EntityManagerInterface $entityManager,
  25. private UserSessionLogRepository $sessionLogRepository,
  26. private TokenStorageInterface $tokenStorage,
  27. private KernelInterface $kernel
  28. ) {
  29. }
  31. public static function getSubscribedEvents(): array
  32. {
  33. return [
  34. SecurityEvents::INTERACTIVE_LOGIN => 'onLogin',
  35. LogoutEvent::class => 'onLogout',
  36. KernelEvents::REQUEST => 'onRequest',
  37. ];
  38. }
  40. /**
  41. * Handle user login event
  42. */
  43. public function onLogin(InteractiveLoginEvent $event): void
  44. {
  45. error_log("UserSessionTracker::onLogin() CALLED at " . date('Y-m-d H:i:s'));
  46. $this->writeLog(" - LOGIN: onLogin called\n");
  48. $user = $event->getAuthenticationToken()->getUser();
  49. $request = $event->getRequest();
  51. if (!$user || !method_exists($user, 'getId')) {
  52. $this->writeLog(" - LOGIN: No valid user\n");
  53. return;
  54. }
  56. $sessionId = $request->getSession()->getId();
  57. $this->writeLog(" - LOGIN: Session ID: $sessionId, User: " . $user->getUserIdentifier() . "\n");
  59. try {
  60. // Check if session already exists (avoid duplicates)
  61. $existingSession = $this->sessionLogRepository->findActiveBySessionId($sessionId);
  62. if ($existingSession) {
  63. $this->writeLog(" - LOGIN: Session already exists, skipping\n");
  64. return;
  65. }
  67. $sessionLog = new UserSessionLog();
  68. $sessionLog->setUser($user);
  69. $sessionLog->setUsername($user->getUserIdentifier() ?? null);
  70. $sessionLog->setEmail($user->getEmail() ?? null);
  71. $sessionLog->setLoginAt(new DateTime());
  72. $sessionLog->setLastActivityAt(new DateTime());
  73. $sessionLog->setIpAddress($request->getClientIp());
  74. $sessionLog->setUserAgent($request->headers->get('User-Agent'));
  75. $sessionLog->setSessionId($sessionId);
  77. $this->entityManager->persist($sessionLog);
  78. $this->entityManager->flush();
  79. $this->writeLog(" - LOGIN: Session created successfully\n");
  80. } catch (Exception $e) {
  81. $this->writeLog(" - LOGIN ERROR: " . $e->getMessage() . "\n");
  82. // Don't fail the login process if session logging fails
  83. return;
  84. }
  85. }
  87. /**
  88. * Handle user logout event
  89. */
  90. public function onLogout(LogoutEvent $event): void
  91. {
  92. error_log("UserSessionTracker::onLogout() CALLED at " . date('Y-m-d H:i:s'));
  93. $request = $event->getRequest();
  94. $sessionId = $request->getSession()->getId();
  96. $this->writeLog(" - LOGOUT: onLogout called for session_id: $sessionId\n");
  98. try {
  99. $sessionLog = $this->sessionLogRepository->findActiveBySessionId($sessionId);
  101. if (!$sessionLog) {
  102. $this->writeLog(" - LOGOUT: No active session found by session_id\n");
  104. // Session ID might have been regenerated - try to find by user
  105. $token = $this->tokenStorage->getToken();
  106. if ($token && $token->getUser() && method_exists($token->getUser(), 'getId')) {
  107. $user = $token->getUser();
  108. $this->writeLog(" - LOGOUT: Searching by user_id: " . $user->getId() . "\n");
  110. // Find the most recent active session for this user
  111. $sessionLog = $this->sessionLogRepository->findOneBy(
  112. ['user' => $user, 'logoutAt' => null],
  113. ['loginAt' => 'DESC']
  114. );
  116. if (!$sessionLog) {
  117. $this->writeLog(" - LOGOUT: No active session found for user\n");
  118. return;
  119. }
  121. $this->writeLog(" - LOGOUT: Found session by user with session_id: " . $sessionLog->getSessionId() . "\n");
  122. } else {
  123. $this->writeLog(" - LOGOUT: No authenticated user found\n");
  124. return;
  125. }
  126. }
  127. $this->writeLog(" - LOGOUT: Closing session for user: " . $sessionLog->getUsername() . "\n");
  128. $logoutTime = new DateTime();
  129. $sessionLog->setLogoutAt($logoutTime);
  130. $sessionLog->setLastActivityAt($logoutTime);
  131. $sessionLog->setLogoutType('manual'); // User clicked logout
  133. $this->entityManager->flush();
  134. $this->writeLog(" - LOGOUT: Session closed successfully\n");
  135. } catch (Exception $e) {
  136. $this->writeLog(" - LOGOUT ERROR: " . $e->getMessage() . "\n");
  137. return;
  138. }
  139. }
  141. /**
  142. * Update last activity timestamp on each request
  143. * ONLY if session hasn't been closed (no logoutAt)
  144. */
  145. public function onRequest(RequestEvent $event): void
  146. {
  147. error_log("UserSessionTracker::onRequest() CALLED at " . date('Y-m-d H:i:s'));
  148. $this->writeLog(" - onRequest called\n");
  150. // Only track main requests, not sub-requests
  151. if (!$event->isMainRequest()) {
  152. $this->writeLog(" - Not main request, skipping\n");
  153. return;
  154. }
  156. $request = $event->getRequest();
  158. // Skip if no session
  159. if (!$request->hasSession()) {
  160. $this->writeLog(" - No session\n");
  161. return;
  162. }
  164. $session = $request->getSession();
  166. // Skip if session not started
  167. if (!$session->isStarted()) {
  168. $this->writeLog(" - Session not started\n");
  169. return;
  170. }
  172. $sessionId = $session->getId();
  173. $this->writeLog(" - Session ID: $sessionId\n");
  175. // Check if we should update activity (throttle updates)
  176. $lastUpdate = $session->get('_session_log_last_update');
  177. $now = time();
  179. if ($lastUpdate && ($now - $lastUpdate) < self::ACTIVITY_UPDATE_INTERVAL) {
  180. $this->writeLog(" - Throttled (last update: $lastUpdate, now: $now)\n");
  181. return;
  182. }
  184. $this->writeLog(" - Checking DB for session\n");
  186. try {
  187. $sessionLog = $this->sessionLogRepository->findActiveBySessionId($sessionId);
  188. } catch (Exception $e) {
  189. // Skip if Doctrine is not ready yet (during cache warming, etc.)
  190. $this->writeLog(" - Doctrine not ready: " . $e->getMessage() . "\n");
  191. return;
  192. }
  194. if (!$sessionLog) {
  195. $this->writeLog(" - No session log found in DB\n");
  197. // Session ID might have been regenerated after login - try to find by user
  198. // Check if user is authenticated
  199. $token = $this->tokenStorage->getToken();
  200. if ($token && $token->getUser() && method_exists($token->getUser(), 'getId')) {
  201. $user = $token->getUser();
  202. $this->writeLog(" - User authenticated, searching by user_id: " . $user->getId() . "\n");
  204. // Find the most recent session for this user (open OR closed by timeout)
  205. // First try to find an open session
  206. try {
  207. $sessionLog = $this->sessionLogRepository->findOneBy(
  208. ['user' => $user, 'logoutAt' => null],
  209. ['loginAt' => 'DESC']
  210. );
  211. } catch (Exception $e) {
  212. $this->writeLog(" - Error finding session: " . $e->getMessage() . "\n");
  213. return;
  214. }
  216. // If no open session, try to find the most recent timeout session
  217. if (!$sessionLog) {
  218. try {
  219. $sessionLog = $this->sessionLogRepository->findOneBy(
  220. ['user' => $user, 'logoutType' => 'timeout'],
  221. ['loginAt' => 'DESC']
  222. );
  223. } catch (Exception $e) {
  224. $this->writeLog(" - Error finding timeout session: " . $e->getMessage() . "\n");
  225. return;
  226. }
  228. if ($sessionLog) {
  229. $this->writeLog(" - Found timeout session by user, reopening with session_id: $sessionId\n");
  230. }
  231. }
  233. if ($sessionLog) {
  234. $this->writeLog(" - Found session by user, updating session_id from " . $sessionLog->getSessionId() . " to $sessionId\n");
  235. // Update the session_id (Symfony regenerated it after login)
  236. $sessionLog->setSessionId($sessionId);
  237. $this->entityManager->flush();
  238. } else {
  239. $this->writeLog(" - No session found for user (neither open nor timeout)\n");
  240. return;
  241. }
  242. } else {
  243. return;
  244. }
  245. }
  247. $this->writeLog(" - Found session for user: " . $sessionLog->getUsername() . "\n");
  249. // Check if session was auto-closed by timeout - reopen it
  250. if ($sessionLog->getLogoutAt() !== null) {
  251. if ($sessionLog->getLogoutType() === 'timeout') {
  252. $this->writeLog(" - Session was auto-closed, reopening\n");
  253. $sessionLog->setLogoutAt(null);
  254. $sessionLog->setLogoutType(null);
  255. $sessionLog->setDuration(null);
  256. } else {
  257. // Manual logout - don't reopen
  258. $this->writeLog(" - Session manually closed, not reopening\n");
  259. return;
  260. }
  261. }
  263. $this->writeLog(" - Updating lastActivityAt\n");
  264. $sessionLog->setLastActivityAt(new DateTime());
  265. $this->entityManager->flush();
  266. $this->writeLog(" - Updated successfully\n");
  268. // Update throttle timestamp
  269. $session->set('_session_log_last_update', $now);
  270. }
  272. // 🔹 Función helper para escribir logs portables
  273. private function writeLog(string $message): void
  274. {
  275. $logDir = $this->kernel->getProjectDir() . '/var/tmp';
  276. if (!is_dir($logDir)) {
  277. mkdir($logDir, 0777, true);
  278. }
  279. $logFile = $logDir . '/session_tracker.log';
  280. file_put_contents($logFile, date('Y-m-d H:i:s') . " - $message\n", FILE_APPEND);
  281. }
  282. }