ansaurus

Question

Answer 1

A:

Try to use this part of code:

  session_start();
  $inactive = 600;
  $session_life = time() - $_SESSION['timeout'];
  if($session_life > $inactive) { 
     session_destroy(); 
     header("Location: logoutpage.php"); 
  }
  $_SESSION['timeout']=time();

Alexander.Plutov 2010-08-13 12:02:05

Okay so I have a library php page that is included on every page of the site, I'm assuming whenever they log in I would start the session timeout. Would I use that bit of code in the library so that everytime they load a page it updates their activity?

jefffan24 2010-08-13 12:04:40

This will destroy every session after 10mins of inactivity. Delete everything expect the first and the last line of this code and you'll have the real answer to the question.

svens 2010-08-13 12:06:29

And for the love of goodness, test the existence of variables before using them! Assuming $_SESSION['timeout'] to be valid is Bad(TM)

Fake51 2010-08-13 12:36:39

Answer 2

A:

session_set_cookie_params() can be used. The manual for this function is here

Liam Spencer 2010-08-13 12:05:04

Answer 3

A:

Hello, You can use it technique to make compatible your application according to You.. You have to make few changes according to your system

// Get the current Session Timeout Value
$currentTimeoutInSecs = ini_get(’session.gc_maxlifetime’);

Change the Session Timeout Value

// Change the session timeout value to 30 minutes  // 8*60*60 = 8 hours
ini_set(’session.gc_maxlifetime’, 30*60);
//————————————————————————————–

// php.ini setting required for session timeout.

ini_set(‘session.gc_maxlifetime’,30);
ini_set(‘session.gc_probability’,1);
ini_set(‘session.gc_divisor’,1);

//if you want to change the  session.cookie_lifetime.
//This required in some common file because to get the session values in whole application we need to        write session_start();  to each file then only will get $_SESSION global variable values.

$sessionCookieExpireTime=8*60*60;
session_set_cookie_params($sessionCookieExpireTime);
session_start();

// Reset the expiration time upon page load //session_name() is default name of session PHPSESSID

if (isset($_COOKIE[session_name()]))
    setcookie(session_name(), $_COOKIE[session_name()], time() + $sessionCookieExpireTime, “/”);
    //————————————————————————————–
    //To get the session cookie set param values.

    $CookieInfo = session_get_cookie_params();

    echo “<pre>”;
    echo “Session information session_get_cookie_params function :: <br />”;
    print_r($CookieInfo);
    echo “</pre>”;

All the Best !!!!

Rahul Patil 2010-08-13 12:09:58

The Garbage Collector does not have to do with the session lifetime. -1

Brad F Jacobs 2010-08-13 14:49:03

It actually does. You're probably thinking of cookie expiration.

Álvaro G. Vicario 2010-08-25 08:07:58

Answer 4

+1 A:

Random expiration is a classical symptom of session data directory shared by several applications: the one with the shortest session.gc_maxlifetime time is likely to remove data from other applications. The reason:

PHP stores session files in the system temporary directory by default.
The builtin file handler doesn't track who owns what session file.

My advice is that you configure your own session directory:

<?php
session_save_path('/path/to/writable/directory/inside/your/account');
ini_set('session.gc_maxlifetime', 3*60*60); // 3 hours
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 100);
ini_set('session.cookie_secure', FALSE);
ini_set('session.use_only_cookies', TRUE);
session_start();
?>

Álvaro G. Vicario 2010-08-24 10:40:45

Answer 5

A:

Debian uses a cron job to automatically expire sessions in a secure manner. If you are using Debian, look at /etc/cron.d/php5.

Docunext 2010-08-28 19:55:03

ansaurus

tags:

views:

answers:

PHP sessions timing out to quickly

related questions