If I hit a page which calls session_start(), how long would I have to wait before I get a new session ID when I refresh the page?
Check out php.ini the value set for session.gc_maxlifetime is the ID lifetime in seconds.
I believe the default is 1440 seconds (24 mins)
http://www.php.net/manual/en/session.configuration.php
Edit: As some comments point out, the above is not entirely accurate. A wonderful explanation of why, and how to implement session lifetimes is available here:
How do I expire a PHP session after 30 minutes?
The default in the php.ini for the session.gc_maxlifetime directive (the "gc" is for garbage collection) is 1440 seconds or 24 minutes. See the Session Runtime Configuation page in the manual:
http://www.php.net/manual/en/session.configuration.php
You can change this constant in the php.ini or .httpd.conf files if you have access to them, or in the local .htaccess file on your web site. To set the timeout to one hour using the .htaccess method, add this line to the .htaccess file in the root directory of the site:
php_value session.gc_maxlifetime "3600"
Be careful if you are on a shared host or if you host more than one site where you have not changed the default. The default session location is the /tmp directory, and the garbage collection routine will run every 24 minutes for these other sites (and wipe out your sessions in the process, regardless of how long they should be kept). See the note on the manual page or this site for a better explanation.
The answer to this is to move your sessions to another directory using session.save_path. This also helps prevent bad guys from hijacking your visitors' sessions from the default /tmp directory.
it depends on your php settings...
use phpinfo() and take a look at the session chapter. There are values like session.gc_maxlifetime and session.cache_expire and session.cookie_lifetime which affects the sessions lifetime
EDIT:
it's like Martin write before
According to a user on PHP.net site, his efforts to keep session alive failed, so he had to make a workaround.
<?php
$Lifetime = 3600;
$separator = (strstr(strtoupper(substr(PHP_OS, 0, 3)), "WIN")) ? "\\" : "/";
$DirectoryPath = dirname(__FILE__) . "{$separator}SessionData";
//in Wamp for Windows the result for $DirectoryPath
//would be C:\wamp\www\your_site\SessionData
is_dir($DirectoryPath) or mkdir($DirectoryPath, 0777);
if (ini_get("session.use_trans_sid") == true) {
ini_set("url_rewriter.tags", "");
ini_set("session.use_trans_sid", false);
}
ini_set("session.gc_maxlifetime", $Lifetime);
ini_set("session.gc_divisor", "1");
ini_set("session.gc_probability", "1");
ini_set("session.cookie_lifetime", "0");
ini_set("session.save_path", $DirectoryPath);
session_start();
?>
In SessionData folder it will be stored text files for holding session information, each file would be have a name similar to "sess_a_big_hash_here".
You can use something like ini_set('session.gc_maxlifetime', 28800); // 8 * 60 * 60 too.
But watch out, on most xampp/ampp/...-setups and some linux destributions it's 0, which means the file will never get deleted until you do it within your script (or dirty via shell)
PHP.INI:
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
; http://php.net/session.cookie-lifetime
session.cookie_lifetime = 0
Related
After being inactive for some time in my php application I get kicked out (around 20 minutes).
I am suspecting that it could be a variable in php.ini conf file which is killing the sessions or removing the sessions but I'm not 100% sure if this is something that it has to do with that, at least I can try.
The question is what is the variable responsible for the live of the session?
Thanks
php.ini -> session.gc_maxlifetime
The default is 1440 seconds (24 mins)
See this:
PHP : What is the default lifetime of a session
I have tried multiple way to extend this, so as to not have to log in every 1440 seconds on a development server. Yet the problem still persists.
Could anybody advise on the "correct" way to achieve this? I want to set to cookie session timeout to 3600 (1 hour) instead of the default 1440.
I have tried:
Set: 'session.gc_maxlifetime' within my php.ini file
Gone onto phpmyadmin under Settings => Features => General => Login cookie validity and set this to be the timing I want.
Gone into config.ini.php in the phpmyadmin files and set: '$cfg['LoginCookieValidity']' to the required time.
Each attempt I have made sure to restart apache so as to load the new configuration. However the problem still persists.
Any help/advise will be much appreciated.
You have to edit phpmyadmin's configuration file (config.inc.php) and set the variable $cfg['LoginCookieValidity'] = 3600, I've put it at the end of the file.
Next, you have to increase the php session timeout if it is lower than 3600 seconds, to do that you have to set session.gc_maxlifetime in the php.ini file.
After that you have to restart apache.
I have done it so and it works on Ubuntu 14.04.
First you need to verified that is ini_set allowed on your system or not?
To find out what the default (file-based-sessions) session timeout value on the server is you can view it through a ini_get command:
$currentTimeoutInSecs = ini_get(’session.gc_maxlifetime’);
// php.ini setting required for session timeout.
ini_set(’session.gc_maxlifetime’, 3600);
ini_set(‘session.gc_probability’,1);
ini_set(‘session.gc_divisor’,1);
session_set_cookie_params(3600);
session_start(); // ready to go!
if you want to change the session.cookie_lifetime.
This required in some common file because to get the session values in whole application we need to write session_start(); to each file then only will get $_SESSION global variable values.
$sessionCookieExpireTime=8*60*60;
session_set_cookie_params($sessionCookieExpireTime);
session_start();
I am using a standard Drupal install hosted on a LAMP stack.
My settings.php has the following set:
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 100);
ini_set('session.gc_maxlifetime', 200000);
ini_set('session.cookie_lifetime', 2000000);
my php.ini file has:
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
Also I have checked that the safe mode is off so that my settings.php file is able to override main php.ini variables. Also since the person can get log out at 15 minutes, it is making me wonder whether php.ini has anything to do with it anyways. I have combed through my code and it seems to work fine on my local host however on server it is having issues. Where else can i possibly check?????
Narrow done your problem. Is the cookie expiration being set wrong? Or is it still being sent but no longer matching up with a valid session? My guess is it's a problem in drupal.
I have some issues concerning the timeout of a php session. I have set the following values during runtime of the application:
session.gc_maxlifetime = 3600
session.cookie_lifetime = 3600
session.save_path = myApplicationPath/tmp
session.use_cookies = 1
session.use_only_cookies = 1
However, my session keeps expiring in about 30 mins. Also, my tmp directory remains empty, so it appears no cookies are actually being set. echoing ini_get("session.save_path") does return the right path though.
Note:
If different scripts have different values of session.gc_maxlifetime but share the same place for storing the session data then the script with the minimum value will be cleaning the data. In this case, use this directive together with session.save_path.
PHP Manual
I'd say that PHP cannot find your save_path or does not have permission to write on that, so it stores session files (not cookies) in the default shared directory (so the site with shortest gc_maxlifetime will remove sessions from all other sites).
I have been at this for a day now, but nothing seems to be working.
What I want to do: change the expiry time of the session cookie PHPSESSID, when a particular checkbox is checked , how do I do this ?
I have tried:
ini_set()
session_set_cookie_params()
setcookie()
but nothing works . Can someone please please help me here ?
Thanks
To specify the session lifetime, server side, either apply the following command
ini_set('session.gc_maxlifetime', 30*60); // expires in 30 minutes
or set it in your php.ini file.
To set the session cookie lifetime, client side, either let it as it is (0, will die when the browser is closed), or
ini_set('session.cookie_lifetime', 30*60); // 30 minutes
or in the php.ini.
If you choose to use ini_set(), be sure to place the commands before session_start() is called.
Note that the ini_set function sets configuration option(s) during the script execution time only.
Regarding the checkbox and having a dynamic setting of the session lifetime, you could
use APC to store a setting shared by all PHP processes, that will last until the PHP server is down
write a value in a file somewhere that you load at the start of scripts (expensive) and set the value
(each script will have to ini_set() once before session_start())