I have heard many times that a session get destroy as our browser close.
Then how I keep logged in after closing and reopening my browser.
Please help
You keep login because your sessions are not destroyed even when the browser is closed. Sessions destroying on the closing of the browser is default behaviour but but this does not mean its the only behaviour. You can extend the expiry time of session.
This behaviour can be changed in the php.ini file by altering the line:
Keeping a session alive indefinitely
session.cookie_lifetime = 0
So just check when you have set the expiry time for the sessions. Although using cookies will be a good option
Note:- Remember to restart your web server after making this change.
You have to use Cookies.
You can use the setcookie() function and read the value with the $_COOKIE['cookiename'] variable.
Use cookies, with a predefined expire time, I like 1 year
You can use cookies. Cookies are data that is stored directly on the HDD so that even if the browser was closed, cookies still can be read if it haven't expired yet.
Here is an example of setting up a cookie.
Paste this code BEFORE the tag.
<?php setcookie("$name", "$value", $time); ?>
Where $name is the cookie name, $value is the cookie value and $time is the time when your cookie will be expired. For example $time = time()+86400; will set your cookie to expire after 1 day. The 86400 value is the number of seconds in a day, 60seconds times 60minutes times 24hours, so 60x60x24 = 86400.
Related
I am new to php , I came across cookie and persistent cookie and i understand the difference between them.My question is that how can i make cookie persistent or temporary.I found only one syntax for cookies
<?php
setcookie("user", "Alex Porter", time()+3600);
?>
Thanks
Phisically speaking, there is only one kind of cookie. You can make it persistent by choosing a large enough expiration time. If the expiration time is set to 0, the cookie will last only until your page is opened in the browser.
Your example cookie is persistent, it expires in one hour.
Here is a link with a short explanation.
Most likely you can hardly access the phisical cookie on your hard disk, because borwsers store them in their internal logic. For example Firefox store cookies in a local SQLite database file in the browser's profile folder.
When creating a cookie, 3rd argument (time()+3600 in your example) specifies cookie's expiry date.
time()+3600 means now+3600 seconds, which is 1 hour in the future. Time() function returns current time (unix time) in seconds.
There is no such thing as a really permanent cookie, more like expiring far in the future cookie.
I want to destroy the cookie by the php condition but i have not got anything to do that after the lots of research on the google and php manual . i have read at some place that setcookie('cookie_name'); but it just erase the cookie so my question is that how to destroy cookie by php ?
When deleting a cookie you should assure that the expiration date is in the past, to trigger the removal mechanism in your browser
setcookie ("cookie_name", "", time() - 3600); // set the expiration date to one hour ago
Manual.
There is no way to erase a cookie in PHP perse. What setcookie("cookie_name"); does is it instructs the browser to keep the cookie untill now, meaning that it can clean it up (you normally give it a date sometime in the future).
You can not force a cookie to be deleted.
If you need better control over what data is kept in the current session use server-side session storage. Keep only the session_id in the cookie.
Destroying cookies is upto the browser however you can remove a cookie (which is the same for your app) by setting the date in the past:
setcookie($cookie_name, "", 1);
Most set the time to 1970.
Ha! #MikeBrant makes a good point. Since PHP can't understand if setcookie was done to remove a cookie $_COOKIE is still set after issuing this command so you have to unset it.
How to delete session cookie on browser close, or optionally detect and force "new" session for a returning user. I want to prevent storing session cookies by "session managers" like addons in firefox and such.
I guess you could use this :
session_set_cookie_params(0);
session_start();
Destroy PHP Session on closing
Session manager are designed to save session cookie : I don't think you can prevent their behavior.
However, you can set your php configuration to have a non-used session garbage collected really fast : Then the session, after a few amount of time (basically, 1 hour), will be invalidate. See the session.gc_maxlifetime parameter.
fortunately a website can't force anything to happen on the clients machine. if you don't want to rely on the browsers cookie-management and those addons, one way would be to not use cookies for sessions and use the good old session-id get parameter instread (or, alternatively, set the session-lifetime to something like 1 or 2 hours, but this isn't exactly what you wanted)
I don't think you'll be successful on this route.
If you need to log out the user so quickly, consider using a very short session lifetime (like, one minute) and keeping the session alive using a JavaScript setInterval or an iframe that refreshes itself every thirty seconds.
Is session_start() supposed to extend the life of the session ID cookie by the session.gc_maxlifetime variable?
My session.gc_maxlifetime is 24 minutes, and each session is only living 24 minutes regardless of additional activity on the site. I get my session, refresh the page, and the expiration time does not change. This results in a logout after 24 minutes of login, no matter what. Is there something wrong with my configuration?
I had problem with this too. I was thinking that each
session_set_cookie_params($sessionTime, '/', $domain);
session_start();
causes that expiration time for cookie PHPSESSID is extended. But really cookie PHPSESSID is set by session_start() only first time in session when new session id is generated.
My goal was that session expiration time should regenerate each time a page was opened. I figured out that session can expire because of two reasons:
Cookie PHPSESSID expires, and its expiration time isn't regenerated by session_start(), so session will always expire because of cookie with expiration time.
No activity of user will cause that session will expire on server side. It is set by ini_set('session.gc_maxlifetime', $sessionTime).
Solution in this case is when you won't set expiration time for cookie, but session.gc_maxlifetime is still set:
function my_session_start($maxtime = 300)
{
ini_set('session.gc_maxlifetime', $maxtime);
session_set_cookie_params(0, '/', "." . $domain);
session_start();
}
Most important is 0 in session_set_cookie_params(0, '/', "." . $domain) then cookie won't expire and there is no need to extend its expiration time. This cookie will be removed when browser is closed. Then we are limited only by time which expires on server side.
I had also problems with that I couldn't extend PHP session time by jQuery Ajax PINGs because of that I had set expiration time for PHPSESSID in cookie. 0 resolves all problems with not expected ends of sessions. Sorry for my English. Good luck.
I've noticed this behavior in PHP and tried every configuration on PHP but no luck so far.
My sessions were dying on exact time from first session_start(), lookig at cookie lifetime, it was not renewing its expiry time.
My application already has an important client count, about 60 connections per second, so the GC was hit every 1.5s (i guess).
My solution for cookie time not extending was something like this (It may seem not to elegant, but worked for me).
function my_session_start($maxtime = 300){
// $maxtime = 300 for 5 minutes
session_start( [ 'gc_maxlifetime' => $maxtime ] );
$_sess_name = session_name();
$_sess_id = session_id();
setcookie( $_sess_name, $_sess_id, time() + $maxtime, '/' );
}
It's my particular solution, as the question says "session ID cookie". May not be the optimal, but indeed it works for me!
I think this post will provide the solution you are looking for: Session timeouts in PHP: best practices
Basically, when session_start() is called, there is a 1% probability (by default) that the garbage collector will be run. When the garbage collector is run it scans for and deletes expired sessions. However, when you are the only user accessing the page (which you probably are, during development) or there are very few users, the garbage collector will only run when you access a page. This happens AFTER session_start() is called, effectively resetting the timer. Instead of trying to work around this, just implement your own session_start() function which enforces the timeout. Try the function that the #Glass Robot posted, in the link I gave you above.
Does the $_SESSION expire at any time point? Obviously you can call session_destroy() or close the browser. I just had a application fail because it was relying on the session and the browser had been open for 2 days. I guess the session must have expired.
Yes it can be configured in the php.ini. See here http://www.php.net/manual/en/function.session-cache-expire.php
I think one way is to set http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime , but then you rely on the browser to really delete the session cookie when it expires. So it would be best to save the last-seen-time in the session and remove sessions when a maximum time is reached.