Zend framework session expires prematurely

Question

This should be extremely simple, but I can't seem to get it!

I'm using Zend Framework for PHP and handling sessions with the Zend_Session module. This is what I have in my Initializer (or bootstrap):

Zend_Session::start();
Zend_Session::rememberMe(864000);

864000 seconds should be good for 10 days, but I'm still being kicked out at about an hour (or maybe a little less). I've tested to see if this statement works at all by setting it to 10 seconds, and indeed I am kicked out at the appropriate time, but when I set it to a very high value, it doesn't work! I went through some of the documentation here: http://framework.zend.com/manual/en/zend.session.html

Another method I saw was to use the following:

$authSession = new Zend_Session_Namespace('Zend_Auth'); 
$authSession->setExpirationSeconds(3600);

Now, I have different namespaces. Does this mean I have to set this for all of them if I want to keep them from expiring? I haven't tested this method of setting the expiration, but I really wanted to see what the gurus on here had to say about what the correct way of approaching this problem is. Thanks a lot guys...

Also, does anyone know how I can make it so that the session never expires? I've tried setting the second to 0 and -1, but that throws an error.

Thanks again! :)

Answer 1

Are there other PHP applications running on the server?

Assuming you're using the standard, file-based, session handler, PHP will store all sessions in the same place (typically /tmp).

If you have some other script on the server using the default session_gc_maxlifetime settings, it may be eating your session files.

The easiest fix to try is to configure PHP to store session files for this application someplace special -- that way other apps running on the server will never accidently "clean up" session data from this app.

Try creating a directory like /tmp/myAppPhpSessions (or whatever), and adding:

ini_set('session.save_path','/tmp/myAppPhpSessions');
ini_set('session.gc_maxlifetime', 864000);

at the very top of your bootstrap file.

Make sure session.auto_start is off in php.ini

Answer 2

Try calling remember me before starting the session:

Zend_Session::rememberMe(864000);
Zend_Session::start();

Otherwise I believe it will use the default of remember_me_seconds. See 49.4.4. rememberMe(integer $seconds)

Also, does anyone know how I can make it so that the session never expires? I've tried setting the second to 0 and -1, but that throws an error.

I don't think that is possible. The session is controlled by whether the cookie exists on the users computer. Those cookies can be deleted, even by the users if they clear their cache. I think the best you can do is set it to a very large number. Say 12 months.

Answer 3

I guess you are using ZF 1.8 or above , so you can put in the config.ini file

resources.session.save_path = APPLICATION_PATH "/../data/session" resources.session.remember_me_seconds = 864000

and these setting will automatically loaded again only in ZF 1.8 or above if not you had to load these config manually i hope it helps you :)

Answer 4

Your client's computer clock, date, AND time zone need to be set correctly for session expirations to work. Otherwise the time conversions are off, and likely causing your cookie to expire the minute it hits the their browser.

Answer 5

I've had the same problem and solved it by putting:

resources.session.save_path = APPLICATION_PATH "/../data/session/"
resources.session.gc_maxlifetime = 864000
resources.session.remember_me_seconds = 864000

in the application.ini (as suggested by tawfekov) and

protected function _initSessions() {
    $this->bootstrap('session');
}

in the Bootstrap.php (this I typically forgot at first). You have to give the session directory the correct access rights (chmod 777). I described the issue on http://bit.ly/cYRsJj - maybe this will help the next person.