views:

1214

answers:

5

This should be extremely simple, but I can't seem to get it!

I'm using Zend Framework for PHP and handling sessions with the Zend_Session module. This is what I have in my Initializer (or bootstrap):

Zend_Session::start();
Zend_Session::rememberMe(864000);

864000 seconds should be good for 10 days, but I'm still being kicked out at about an hour (or maybe a little less). I've tested to see if this statement works at all by setting it to 10 seconds, and indeed I am kicked out at the appropriate time, but when I set it to a very high value, it doesn't work! I went through some of the documentation here: http://framework.zend.com/manual/en/zend.session.html

Another method I saw was to use the following:

$authSession = new Zend_Session_Namespace('Zend_Auth'); 
$authSession->setExpirationSeconds(3600);

Now, I have different namespaces. Does this mean I have to set this for all of them if I want to keep them from expiring? I haven't tested this method of setting the expiration, but I really wanted to see what the gurus on here had to say about what the correct way of approaching this problem is. Thanks a lot guys...

Also, does anyone know how I can make it so that the session never expires? I've tried setting the second to 0 and -1, but that throws an error.

Thanks again! :)

+1  A: 

Are there other PHP applications running on the server?

Assuming you're using the standard, file-based, session handler, PHP will store all sessions in the same place (typically /tmp).

If you have some other script on the server using the default session_gc_maxlifetime settings, it may be eating your session files.

The easiest fix to try is to configure PHP to store session files for this application someplace special -- that way other apps running on the server will never accidently "clean up" session data from this app.

Try creating a directory like /tmp/myAppPhpSessions (or whatever), and adding:

ini_set('session.save_path','/tmp/myAppPhpSessions');
ini_set('session.gc_maxlifetime', 864000);

at the very top of your bootstrap file.

Make sure session.auto_start is off in php.ini

timdev
Hi Tim, Thank you for the suggestions. - There are no other applications running on the server that is using sessions- session.save_handler = files is set in my php.ini, so the application is using files for storing sessions- session.auto_start = 0 is set in my php.ini- session.cookie_lifetime = 0 is set in php.ini. Meaning that the cookie will remain until the browser is closed- session.gc_maxlifetime = 1440 is set in my php.ini. I was hoping that one of the Zend_Session functions will override this during runtime, but currently this means that sessions will only last for 24 minutes?
Ali
I'm not familiar with the internals in Zend_Session, I would suggest changing the value in php.ini to your desired value, and see if that fixes it. Since there are no other apps running on the server, that shouldn't be a problem. Also make sure that your php.ini is actually getting read (check output from phpinfo()).
timdev
A: 

Try calling remember me before starting the session:

Zend_Session::rememberMe(864000);
Zend_Session::start();

Otherwise I believe it will use the default of remember_me_seconds. See 49.4.4. rememberMe(integer $seconds)

Also, does anyone know how I can make it so that the session never expires? I've tried setting the second to 0 and -1, but that throws an error.

I don't think that is possible. The session is controlled by whether the cookie exists on the users computer. Those cookies can be deleted, even by the users if they clear their cache. I think the best you can do is set it to a very large number. Say 12 months.

asgeo1
hey asgeo1, thanks for your thorough response. I've actually tried that order and unfortunately it still didn't work :( Regarding the expiry, I actually found my answer here: http://stackoverflow.com/questions/1327351/session-should-never-expire-by-itself I hope you find it useful as well. It's a trick, but what isn't a trick when it comes to web development hehe
Ali
+1  A: 

I guess you are using ZF 1.8 or above , so you can put in the config.ini file

resources.session.save_path = APPLICATION_PATH "/../data/session" resources.session.remember_me_seconds = 864000

and these setting will automatically loaded again only in ZF 1.8 or above if not you had to load these config manually i hope it helps you :)

tawfekov
A: 

Your client's computer clock, date, AND time zone need to be set correctly for session expirations to work. Otherwise the time conversions are off, and likely causing your cookie to expire the minute it hits the their browser.

Shimon Amit
hey Shimon, I've checked those settings, but thanks for taking the time.
Ali
A: 

I've had the same problem and solved it by putting:

resources.session.save_path = APPLICATION_PATH "/../data/session/"
resources.session.gc_maxlifetime = 864000
resources.session.remember_me_seconds = 864000

in the application.ini (as suggested by tawfekov) and

protected function _initSessions() {
    $this->bootstrap('session');
}

in the Bootstrap.php (this I typically forgot at first). You have to give the session directory the correct access rights (chmod 777). I described the issue on http://bit.ly/cYRsJj - maybe this will help the next person.

Jasper
thanks a lot Jasper. I'm still facing the same issue, so I'll try your method as soon as I can.
Ali

related questions