tags:

views:

170

answers:

5
+2  Q: 

Keep Accounts Logged In

We have an internal control panel that all employees in the office are logged into all day, including customer service. I'd like for it to be setup so that it keeps you logged in for 1 hour before your session expires. How can I change this in the PHP.ini? I made a change before I understood would keep the session open until the browser window was closed but it didn't stick.

A: 

I don't think this can be done from the php.ini file. I think you either want to store the login time on the server and compare that with the current time and delete if 60mins have passed, or alternatively, use cookies -- these can have an explicit lifespan. See this for more information on cookies.

Andy  2010-06-17 20:45:05
+1  A: 

The most secure place to implement this would be in your application. You can store the session update time in $_SESSION on each page load. Before you update it, you check if it has exceeded the 60 minute limit, in which case you can use session_destroy() to terminate the session, followed by a redirect to the login page (or similar).

igorw  2010-07-03 14:55:53
+8  A: 

There are two different values you can set:

session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up.

and session.cookie_lifetime which is how long the cookie will last.

http://www.php.net/manual/en/session.configuration.php

both values can be set in the php.ini file, but might get overriden in .htaccess files or in your scripts using ini_set.

Bastian  2010-07-03 15:04:16
A: 

You could try to force a new value into the maxlifetime of your session:

ini_set('session.gc_maxlifetime', 3600);

Or you could make your own custom session handler, there is a bunch of examples on this link: http://www.php.net/manual/en/function.session-set-save-handler.php

Prix  2010-07-03 15:04:25
+3  A: 

You can also do this client-side using JavaScript. Use an AJAX call to periodically 'check-in' with the server, keeping the PHP session alive. You can also monitor if the user is doing anything on the current page, show them a '2 minute warning' message, or even redirect them to a 'session terminated' page when the 1 hour inactivity period is reached. You could even use this to 'force' a user to be signed out.

This isn't as secure as doing it purely in PHP, but does give you more flexibility to build cool features.

Colin O'Dell  2010-07-04 01:32:29

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases