I made a website with login features, but sometimes users are automatically logged out. I have other websites and have never experienced this issue before. My website is hosted. My session script is
if(#username and password is match#)
$_SESSION['front_end_user'] = $username;
The difference between this website and my other website is that in this website I use full jquery interaction. Could this effect the session? If not what is the problem?
I have checked all my pages and there are no session_destroy or unset statements.
The session usually expires after 24 minutes. By the way you can set this session timeout to last more, but I'd not suggest this. I'd use a cookie solution. (For this google "remember me tutorial" and you'll find out).
I think this is session time out. Your session is timing out after a certain amount of time and this is a normal behaviour of all applications.
PHP's default session time out value is 24 minutes. This mean that session will be timed out after the inactivity of 24 minutes.
Although you can increase session time out limit but note that should not be big amount.
Related
I am developing a simple php website named : http://www.dopanchat.com
In this site I used session to develop the login system, everything work fine but after some amount of time (for example, after 1 hour) the session expires automatically and user logged out from my site.
I don't know if it's server problem or anything else.
please help me to resolve this problem, you can check here : http://www.dopanchat.com
Extending your session timeout is an approach but I won't recommend to expand it too much :)
Instead your application could detect user activities and refresh the session expiry time accordingly.
After all it doesn't really matter what is the session's timeout at some point user will lose the authentication due to the expired session.
Basically the expiry count down always starts after user's last action and not from the moment s/he logged in to your system.
Try this :
// Time in secondes before the session expires
ini_set('session.gc_maxlifetime', 3600);
// Time in secondes before the ID's session in the cookie expires
session_set_cookie_params(3600);
// Start session
session_start();
If think this gonna work. Tell me if it work !
(Sorry for my bad english :D)
you can extend session expire time by adjusting php.ini file as follows
session.gc_maxlifetime=86400 //1 day
session.gc_divisor=5000
session.gc_probability=1
gc_divisor and gc_probability are responsible for cleaning expired session files, by above config session will valid for 1 day
I have a social website. People use login with username and password. I am creating a session when they log in but some time later session time ends and they have to log back in again. I used the code below to make this time longer but still sometime later session time runs out. I checked SESSID with cromes cookie viewer and saw session still has time but in the browser it does not see that time. I hope i explained my problem well. Here is the code to create the session on login:
$lifetime=3600*24*7;
session_start();
setcookie(session_name(),session_id(),time()+$lifetime);
You need to take a look at: session.gc_maxlifetime in your configuration. This needs to have a high enough value, to keep the session alive. Also if you are using Memcache or some other caching for your sessions, the TTL there needs to be set, too.
I am working on a website hwere i need to introduce security for reasons, my website automatically signs users out after 10 minutes of inactivity. The behavior is, at about 8 minutes of inactivity, a jquery ui dialog pops up, warning the user of their impending timeout. The user can choose to stay signed in, sign out now, or do nothing and they are forced to sign out at the end of the 10 minutes. I achieve this through a javascript code snippet that timeouts (no mouse/keyboard event) and reset any time the user does what I consider an "activity".
My problem is i can make this thing run for my single webpage but have no clue how to use this for complete domain. I have thought of cookies to achieve this feat as well but not very sure. If someone can suggest me what approaches i shall follow for my task, it will be great possi. bly with code example
Get this timeout script running on my complete domain rather than a single webpage. Possibly using cookies or something else.
I would recommend against javascript and create a complete PHP solution.
This can be achieved simply by giving a user a cookie that expires after 10 minutes on each PHP page. That way, the cookie is renewed with each visit, and if they come back after that ten minutes, the cookie is gone and the system will no longer recognize them.
I would also suggest against sessions, they can get messy easily, and if you want to expand to multiple machines to load balance, it becomes almost impossible to manage. It's not a realistic production tool.
Call this every page - This will check if they already have a cookie, if they do, it will renew it with the same value for ten minutes (60 seconds times ten minutes). You can change the cookie name of 'user' to whatever you want.
if(isset($_COOKIE['user'])){
setcookie('user', $_COOKIE['user'], time()+60*10);
//put your user validation code here to make sure the cookie is real
//then you can put your logged in specific data under it.
}
To authorize a user in the first place, most likely when they login, you can do this:
setcookie('user', $value, time()+60*10);
And if you want to log someone out, you can do this:
setcookie('user', '', 0);
Best of luck!
You can use session and/or cookies for this matter. The way you use them, is that in every page of your website you first check for the cookie/session, and only then proceed. So if your user is logged out once, and attempts to go to another page on the website, he/she will first have to login and only then he can proceed, since the session is no longer available for that user.
Something of this sort -
<?php
if( $this->session->userdata('logged_in') == FALSE )
{
// Login again
}
else
{
// Display the page
}
?>
You can do this by setting their session cookie to expire after 10 minutes. Use session_set_cookie_params() to set the duration of the cookie (first parameter).
session_set_cookie_params(600, '/', 'www.example.com', false, false);
session_start();
Make sure you call it before session_start().
You would then use JavaScript to check the expires parameter of the cookie. If it is getting close to the expired time you then would use that same JavaScript to show them the dialog warning their session is about to expire
I want to set joomla front end session to never expire automatically.I am thinking that session time out limit should be 45 days so that users visiting site even after 44 days they still be logged in.I set session timeout limit in back end in the global configuration to expire in 64800 minutes and also I updated the session.gc_maxlifetime to say 3888000 but still it is not working.
Joomla creates the cookie with the name d58ba4091c622661a0d46f03b412ac8b and expiry time says 'At end of session'.
This means that session will expire whenever a user close the browser.
Expiry time should be changed for this cookie according to configuration settings but it still say At end of session .
for an example how stackoverflow session works I need to do in same way.
Is there any way to change this cookie life time from 'At end of session' to something I want?
Should I hard code time limit where this cookie come in existences or how to do this?
Thanks.
Use this plugin:
http://extensions.joomla.org/extensions/administration/admin-desk/13982
You definitely don't want to make the session never expire because this will cause all kinds of server and security issues. You need to change the expiration of the cookie to some date in the future. The easiest way to do this would be a plugin that checks for the cookie and updates the exiration.
I'm keeping track of the time that users are logged in. After they close the whole browser they are logged out; but when they only close the tab (there's only one tab), and navigate back to the website within a few minutes they are logged in again.
Someone told me that this behavior can be changed in the server configuration. Does anyone know how?
I'm using PHP 5.2 and Apache. Just a normal webserver. I'm also using the Kohana 3 PHP framework. For logging users in there's being a session set with a cookie, in the cookie there's a session id.
Thanks!
You cannot reliably find out when the user closes your page - unload-related events also trigger when navigating to another subpage on your side.
So the most common solution is to simply make a session time out after x minutes of inactivity.
Additionally, if you set your session (id) cookies without an expiry time ("session cookies") they will be deleted when the browser is closed.
By the way, a not really good "solution" for your request would be setting the session expiry time to a very very low value (30 seconds) maybe and "refresh" the session through an AJAX request in the background every ~15-20 seconds. However, if someone's connection is very slow the request might arrive too late and besides that, this solution would cause lots of unnecessary traffic.