I have a web application that pings a database every minute or so to check for new entries. The page is designed to not really have any interaction with... You just keep it open and it displays things. The page is password protected, and the site can be up for a coupe days without anyone clicking in the web browser or anything. I've found after it's up for like a day or so it stops checking the database (through an Ajax request) and then if you refresh the page manually it brings you to the login page again. I'm assuming that's because the session which has the login information expires. I never set an expiration time, but does PHP automatically destroy the sessions after a certain amount of time? What do I do to fix this?
Thanks
Thanks for all the replies... Is there a way to set the session to never expire with out just changing the PHP settings themselves?
The default value of session.gc_maxlifetime is 1440 seconds. So the garbage collector assumes a session to be expired when the last modification was at least 1440 seconds ago.
Note that when using a cookie for the session ID it might have a different lifetime. The default value 0 of session.cookie_lifetime makes the cookie a session cookie, that means it expires when the browser session is ended (i.e. the browser is closed).
See also my answer on How do I expire a PHP session after 30 minutes? for further information on session expiration.
From php.ini:
; Lifetime in seconds of cookie or, if
0, until browser is restarted. ;
http://php.net/session.cookie-lifetime
session.cookie_lifetime = 0
That would be the default if I'm not mistaken. Either set it to zero (if it's not already set) or just use another cookie.
Related
I have a simple question to which I couldn't find the answer on this page:
https://codeigniter.com/userguide3/libraries/sessions.html#how-do-sessions-work
That is why I ask it here.
But first, let's assume that session will expire in 600 seconds (10 minutes).
So, when the session cookie will actually expire?:
from the first time I open a Codeigniter website and use it for 10 minutes, or
10 minutes after I stop opening pages on that website
Another question if the answer is 1:
Can I somehow extend the session every time the user access the website?
Another question if the answer is 2:
what is happening with sess_time_to_update? Can I extend the life of session_id to match the life of the session too?
Assuming $config['sess_expiration'] = 600; (10 minutes), the session cookie will expire 10 minutes after the last time you accessed the page, or "answer 2" as you called it.
sess_time_to_update controls how long before the session ID is changed, but that has nothing to do with expiration and is entirely transparent to you and/or the user - the ID itself will be changed for security purposes, but all other attributes will be preserved.
The "life of session_id" and "life of the session" are one and the same thing; there will never be a mismatch between them. A file or database record of the expired session may remain for a bit on the server, until the garbage collector clears it up, but without an ID stored in the cookie you effectively have no active session.
I used this code in .htaccess file:
php_value session.cookie_lifetime "3600"
and use this function for renew timeout session :
private function renewCusTimeout(){
$_SESSION["customer"]["usertimeout"]=time();
}
but it's have problem because i set session for example one hour when their login and when customer surfing and doing every thing in my web site that time extended and renew.
but cookie can't renew time .and when first 3600 seconds was spent then customer logout .
It's problem is session.cookie_lifetime in .htaccess not extended the time when customer surfing and it's only set time when login.
how can extended session.cookie_lifetime time when customer yet login and doing every thing ?
You can't make a session last when a browser closes. That's sort of the whole point of sessions. Try cookies instead. Also, timeout is measured in idle time; i.e. when the user isn't doing anything. So changing the value in .htaccess won't affect it. Read about cookies here.
I'm a bit confused with this,
Say the session has been started with default php ini settings where gc_maxlifetime is 1440 seconds. And i supposed to use remember me functionality with this, to which i set cookie lifetime as 14 days. As long as the session max life time set to 24 minutes which is obviously lesser than cookie life time (14 days), after 10 days (for example) the session likely (of course depends on gc probability) to be expired and would have no reference to the session id the remember me cookie has.
So how would setting a remember me cookie lifetime longer than the session lifetime remember/resume the session? or do i need to change the session max lifetime according to the cookie lifetime?
Generally a "remember me" cookie is a persistent cookie, not a session cookie. It contains some encrypted information which allows an automatic login action to occur. i.e. When there is no active session already, but the "remember me" cookie is present, then a new session will be started.
The session GC function will delete session data (which is by default kept in plain text files), while the cookie settings will delete the cookie that keeps the session id.
In order for a session to be active, its data file, and a cookie with its ID must exist (AFAIK).
I have set session timeout time for 20 Minutes as below.Sometime the session timeout is happening in two or three minutes.
ini_set('session.gc_maxlifetime', 1200);
ini_set('session.cookie_lifetime', 1200);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 100);
What could be the issue?
The 20 minute expiration does not reset when the user browses other pages. The problem is explained in this comment:
As PHP's Session Control does not handle session lifetimes correctly
when using session_set_cookie_params(), we need to do something in
order to change the session expiry time every time the user visits our
site. So, here's the problem.
$lifetime=600;
session_set_cookie_params($lifetime);
session_start();
This code doesn't change the lifetime of the session when the user
gets back at our site or refreshes the page. The session WILL expire
after $lifetime seconds, no matter how many times the user requests
the page. So we just overwrite the session cookie as follows:
$lifetime=600;
session_start();
setcookie(session_name(),session_id(),time()+$lifetime);
And now we have the same session cookie with the lifetime set to the
proper value.
Better, leave the session.cookie_lifetime to 0 so that the cookie expires when the browser is closed. Otherwise, users who assume that closing the browser will end their session will be surprised when they re-open their browser before the 20 minute timeout.
Edit regarding gc_xxxx settings
gc_probability = 1, gc_divisor = 1, gc_maxlifetime = 1200
1/1 implies PHP will check the date of session files for every session_start call.
gc_probability = 1, gc_divisor = 100, gc_maxlifetime = 1200
1/100 means PHP will check the date of session files randomly but approximately once per 100 session_start calls.
The date check itself consist of comparing session file's accessed time with gc_maxlifetime; it deletes the file if wasn't accessed in the past (e.g.) 20 minutes.
Having said that, if the cookie expires because of timeout (or closing of browser when timeout was 0) the session expires immediately since the browser stops sending the expired session id cookie; in which case PHP issues a new session id cookie. The session id file associated with the expired cookie becomes abandoned, does not get accessed anymore; therefore garbage collected anytime as described above.
Last, your specific issue can be resolved (i) by looking at the expiry date of session id cookie (ii) and remembering that cookies with timeout are not renewed when page is visited/refreshed.
I want to set joomla front end session to never expire automatically.I am thinking that session time out limit should be 45 days so that users visiting site even after 44 days they still be logged in.I set session timeout limit in back end in the global configuration to expire in 64800 minutes and also I updated the session.gc_maxlifetime to say 3888000 but still it is not working.
Joomla creates the cookie with the name d58ba4091c622661a0d46f03b412ac8b and expiry time says 'At end of session'.
This means that session will expire whenever a user close the browser.
Expiry time should be changed for this cookie according to configuration settings but it still say At end of session .
for an example how stackoverflow session works I need to do in same way.
Is there any way to change this cookie life time from 'At end of session' to something I want?
Should I hard code time limit where this cookie come in existences or how to do this?
Thanks.
Use this plugin:
http://extensions.joomla.org/extensions/administration/admin-desk/13982
You definitely don't want to make the session never expire because this will cause all kinds of server and security issues. You need to change the expiration of the cookie to some date in the future. The easiest way to do this would be a plugin that checks for the cookie and updates the exiration.