I used this code in .htaccess file:
php_value session.cookie_lifetime "3600"
and use this function for renew timeout session :
private function renewCusTimeout(){
$_SESSION["customer"]["usertimeout"]=time();
}
but it's have problem because i set session for example one hour when their login and when customer surfing and doing every thing in my web site that time extended and renew.
but cookie can't renew time .and when first 3600 seconds was spent then customer logout .
It's problem is session.cookie_lifetime in .htaccess not extended the time when customer surfing and it's only set time when login.
how can extended session.cookie_lifetime time when customer yet login and doing every thing ?
You can't make a session last when a browser closes. That's sort of the whole point of sessions. Try cookies instead. Also, timeout is measured in idle time; i.e. when the user isn't doing anything. So changing the value in .htaccess won't affect it. Read about cookies here.
Related
I have created one simple website for my client. Using Register and Login form with the session.
I want to maintain session after closing the browser, shut down the computer and reopen website after the 1 day. (No need to re-login).
I have already used below code for that but still not getting success.
setcookie('PHPSESSID',session_id(),60*60*24);
session.gc_maxlifetime = 1440
php_value session.gc_maxlifetime 7200
session.gc_maxlifetime=315360000
session.use_cookies=1
session.cookie_lifetime=315360000
Please guide me if any wrong from my side.
Setcookie expire argument is not a time value, it's a Unix value.
As you written the cookie should expire January 2 1970.
What you should do is use time()+60*60*24 if you want one day cookie lifetime.
So in this zend 1 application, when I go to start page, I can see that there is a cookie named PHPSESSID.
I then log in (a custom login) and the user can go through protected pages.
But if he is inactive for more than 30 minutes, when then requesting a protected page the application will redirect him to login page.
What I was focusin on was the PHPSESSID. Which initially was set to 30 minutes. I increased that by adding "28800" to what seems to be a global call to setcookie.
When I then reloaded the page, I could see that PHPSESSID would expire after 8 hours.
Despite this, the use is still being logged out after 30 minutes.
So changing cookie expiration didn't gave anything.
What's next? Changing the php session duration?
Current relevant values are:
session.cache_expire: 180
session.gc_divisor: 1000
session.entropy_length:32
session.gc_maxlifetime: 14400
session.gc_probability:1
session.name: PHPSESSID
Or is this related to the framework itself? Somewhere in Zend to adjust the expiration of the session?
If you are using zend then try this.
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
$authns = new Zend_Session_Namespace($auth->getStorage()->getNamespace());
$authns->setExpirationSeconds(60 * 30); //expire auth storage after 30 min
}
If you have multiple php site storing session files in the same dir - php gc processes may have different set for session. In this case store session files in another, only for you site, directory.
I am developing a simple php website named : http://www.dopanchat.com
In this site I used session to develop the login system, everything work fine but after some amount of time (for example, after 1 hour) the session expires automatically and user logged out from my site.
I don't know if it's server problem or anything else.
please help me to resolve this problem, you can check here : http://www.dopanchat.com
Extending your session timeout is an approach but I won't recommend to expand it too much :)
Instead your application could detect user activities and refresh the session expiry time accordingly.
After all it doesn't really matter what is the session's timeout at some point user will lose the authentication due to the expired session.
Basically the expiry count down always starts after user's last action and not from the moment s/he logged in to your system.
Try this :
// Time in secondes before the session expires
ini_set('session.gc_maxlifetime', 3600);
// Time in secondes before the ID's session in the cookie expires
session_set_cookie_params(3600);
// Start session
session_start();
If think this gonna work. Tell me if it work !
(Sorry for my bad english :D)
you can extend session expire time by adjusting php.ini file as follows
session.gc_maxlifetime=86400 //1 day
session.gc_divisor=5000
session.gc_probability=1
gc_divisor and gc_probability are responsible for cleaning expired session files, by above config session will valid for 1 day
I want to set joomla front end session to never expire automatically.I am thinking that session time out limit should be 45 days so that users visiting site even after 44 days they still be logged in.I set session timeout limit in back end in the global configuration to expire in 64800 minutes and also I updated the session.gc_maxlifetime to say 3888000 but still it is not working.
Joomla creates the cookie with the name d58ba4091c622661a0d46f03b412ac8b and expiry time says 'At end of session'.
This means that session will expire whenever a user close the browser.
Expiry time should be changed for this cookie according to configuration settings but it still say At end of session .
for an example how stackoverflow session works I need to do in same way.
Is there any way to change this cookie life time from 'At end of session' to something I want?
Should I hard code time limit where this cookie come in existences or how to do this?
Thanks.
Use this plugin:
http://extensions.joomla.org/extensions/administration/admin-desk/13982
You definitely don't want to make the session never expire because this will cause all kinds of server and security issues. You need to change the expiration of the cookie to some date in the future. The easiest way to do this would be a plugin that checks for the cookie and updates the exiration.
I have a web application that pings a database every minute or so to check for new entries. The page is designed to not really have any interaction with... You just keep it open and it displays things. The page is password protected, and the site can be up for a coupe days without anyone clicking in the web browser or anything. I've found after it's up for like a day or so it stops checking the database (through an Ajax request) and then if you refresh the page manually it brings you to the login page again. I'm assuming that's because the session which has the login information expires. I never set an expiration time, but does PHP automatically destroy the sessions after a certain amount of time? What do I do to fix this?
Thanks
Thanks for all the replies... Is there a way to set the session to never expire with out just changing the PHP settings themselves?
The default value of session.gc_maxlifetime is 1440 seconds. So the garbage collector assumes a session to be expired when the last modification was at least 1440 seconds ago.
Note that when using a cookie for the session ID it might have a different lifetime. The default value 0 of session.cookie_lifetime makes the cookie a session cookie, that means it expires when the browser session is ended (i.e. the browser is closed).
See also my answer on How do I expire a PHP session after 30 minutes? for further information on session expiration.
From php.ini:
; Lifetime in seconds of cookie or, if
0, until browser is restarted. ;
http://php.net/session.cookie-lifetime
session.cookie_lifetime = 0
That would be the default if I'm not mistaken. Either set it to zero (if it's not already set) or just use another cookie.