tags:

views:

47

answers:

2

Hi

How do I know how many seconds it will be until a php session expires?

I'm building a web application where users might spend a lot of time typing into big text fields, but for security reasons I still want sessions to time out after a reasonably short period. I want to warn them if their session is about to expire so they can save or take some other action to keep it alive.

Any tips? thanks!

+2  A: 

You can store the expiration time in the database and then display an alert when that is about to happen. Or you could store the expiration time in a cookie value, and then have javascript that constantly checks to see if the session is about to expire.

webdestroya
thanks for the quick answer: how do i know what the session expiration time is? I've been crawling through the php docs but not had much luck...
Steve
@Steve where did you look? what page?
Col. Shrapnel
Do you mean the "default" session expiration time? I think the default would be 1440 determined by `session.gc_maxlifetime` (which would start garbage-collecting the session after 1440 seconds) but the cookie can last for as long as you set it (default is until browser is closed). Look at http://www.php.net/manual/en/session.configuration.php
webdestroya
http://nz2.php.net/manual/en/function.session-cache-expire.php doesn't seem to tell me what I want. http://nz2.php.net/manual/en/function.session-get-cookie-params.php offers the cookie_lifetime, which defaults to "0" (meaning when the browser is closed). I want to know roughly what unixtime the server is going to invalidate any given session.
Steve
Well you would just have to do simple sums to figure it out, something like `time()+1440` for whenever the session is created.
webdestroya
@webdestroya: yes, of course. I'd spotted gc_maxlifetime but skipped over it because of the gc_probability and gc_divisor. Silly me. Looks like this is the number i needed. I knew the default was roughly 20 minutes...
Steve
@steve every time your server involved, it is max value of session.gc_maxlifetime. and session_cache_expire is quite different value, it's another matter.
Col. Shrapnel
@webdestroya: thanks so much for your help: i upvoted your comment and answer. I wish I could give two ticks... one for you and one for Col Shrapnel...
Steve
@steve thanks for the upvote :) glad to help out
webdestroya
+2  A: 

that's very easy. you have always session timeout left, which is 1440 seconds by default. to get actual value you can use

$seconds=ini_get('session.gc_maxlifetime');

but there is another way, better one. if your application get a text after session expired, save this text into session, ask for the password, and then save the text as if it was the regular submit.

Col. Shrapnel
Thanks. Elegant solution re saving text into the session and re-authenticating
Steve