tags:

views:

104

answers:

2
Q: 

CakePHP Session Expires Even When Browser is Active

I am working on a e-commerce project using the Auth Component for authentication and Sessions Component for storing my cart.

The problem is that the session gets cleared abruptly after a while even when I am actively browsing the site. I know this should be because of the Session timeout but just increasing the timeout value is not the solution I am looking for.

I want the session to expire only when a user closes his browser. Can this be achieved?

A: 

AFAIK all you can do is to set a session timeout variable far into the future. Sessions are automatically cleared when the browser is closed (unless you set a Remember Me type cookie). Setting it far into the future will effectively accomplish what you need to do.

How long into your session is it timing out? It should only timeout when your user is inactive for a period of time. If it times out in-between requests, and you know the timeout time has not elapsed, you have some other issues going on. What are the settings in your core.php file regarding your security levels and session timeouts?

Travis Leleu  2010-07-21 16:22:24
Hey, thanks for replying. I have set the Security.level to high and the Session.timeout is set to 120 secs. As per your suggestion I can set the timeout to a higher value but in that case the sessions are staying active even when I can close my browser and come back later. Anyways, I guess there is no way to determine if the browser was closed as its on the client side.
aadravid  2010-07-22 09:52:41
Setting the security level to high has other implications beyond just multiplying the session timeout, IIRC. It adds referer checking when med|high. When set to high, it's regenerating the session ID between *every* request. I'd advise you to turn it to medium. Then when you close the browser (whole browser must exit, not just that tab... check your task manager to make sure it's gone) it'll close the session. And yes, you cannot determine if the browser was closed client side.
Travis Leleu  2010-07-22 15:55:12
Ok, thanks... I have changed it to medium and things are working fine so far! :)
aadravid  2010-08-04 23:10:50
ill keep my fingers crossed for ya!
Travis Leleu  2010-08-05 00:19:04
A: 

Check your php.ini settings.

Leo  2010-07-21 17:21:17

related questions

What is typically the length of your optimal coding session?
What's the most current, good practice, and easiest way to use sessions in PHP?
What can cause an ASP.NET worker process to be recycled?
How do I explicitly set asp.net sessions to ONLY expire on closing the browser or explicit logou?
session variable mixup in ASP.NET?
In Classic asp, can I store a database connection in the Session object?
What are the advantages and disadvantages of the Session Façade Core J2EE Pattern?
Different values of GetHashCode for inproc and stateserver session variables
Best way for allowing subdomain session cookies using Tomcat
Is there a way to specify a different session store with Tomcat?
PHP: $_SESSION - What are the pros and cons of storing temporarily used data in the $_SESSION variable
What is the best way to handle sessions for a PHP site on multiple hosts?
How much data can/should you store in a users session object?
ASP.Net Session_Start event not firing
Logging image downloads
ASP.Net: If I have the Session ID, Can I get the Session object?
Secure session cookies in ASP.NET over HTTPS
Django Sessions
Can I put an ASP.Net session ID in a hidden form field?
Always including the user in the django template context
Rails - recovering database from Production.log
Most efficient way to get data from the database to session
What is the best way to prevent session hijacking?
FOSS ASP.Net Session Replication Solution?
How do I best detect an ASP.NET expired session?