PHPSESSID expires before my cookie

#1 July 17th, 2005, 12:55 PM

I have the following code:

$expireTime = 60*60*24*364; // 365 days
session_set_cookie_params($expireTime); // seconds
session_start();

My problem is, that my PHPSESSID expires before my cookie. I have then
added the fowlloing code:

$expireTime = 60*60*24*364; // 365 days
session_set_cookie_params($expireTime); // seconds
session_cache_limiter('private');
session_cache_expire(8760); // minutes
session_start();

Now my cookie expires after the browser closes instead of the 365 days!?

How do I get the same expiration on both my cookie and my PHPSESSID on
my server?

I am running with PHP5 on a FreeBSD server.

#2 July 17th, 2005, 12:55 PM

> How do I get the same expiration on both my cookie and my PHPSESSID on[color=blue]
> my server?[/color]

No one that knows anything about it? I have tried a few thing, but I
can't get it working.

#3 July 17th, 2005, 12:56 PM

On Sun, 01 May 2005 02:39:24 +0200, FamB wrote:
[color=blue]
>
> No one that knows anything about it? I have tried a few thing, but I
> can't get it working.[/color]

OK. What are the few things that you tried? What exactly do you want?
You want your PHPSESSID cookie to survive closing the browser, thus in
effect establishing a permanent session.

You are using PHP5. PHP5 has a parameter called session.cookie_lifetime.
Here is an explanation taken from the INI file.

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0

By the way, session cannot live longer then your browser. Once you
close your browser, your session is closed. The session_start()
function will start a new session. HTTPD is a stateless protocol.
You cannot trick it into allowing you permanent connection. It would be
nice, but no way to do that.

--
Egoist: A person of low taste, more interested in themselves than in me.

#4 July 17th, 2005, 12:56 PM

Mladen Gogala wrote:[color=blue]
> By the way, session cannot live longer then your browser. Once you
> close your browser, your session is closed. The session_start()
> function will start a new session. HTTPD is a stateless protocol.
> You cannot trick it into allowing you permanent connection. It would be
> nice, but no way to do that.[/color]

Um. As you say, HTTP is a stateless protocol. That means that as far as
the server is concerned, closing a browser window does absolutely
nothing! It all hinges on whether or not *your browser* will send the
session cookie back to the server again when reopened. This is easy!
Just set your cookie's expiry date to some date years in the future (It
is a session only cookie by default), and your browser will send it back
to the server next time it visits.

Cheers,
Nicholas Sherlock

#5 July 17th, 2005, 12:57 PM

> You are using PHP5. PHP5 has a parameter called session.cookie_lifetime.[color=blue]
> Here is an explanation taken from the INI file.
>
> ; Lifetime in seconds of cookie or, if 0, until browser is restarted.
> session.cookie_lifetime = 0[/color]

Okay, I thought it was something that could be set in the PHP code but I
have now changed the value in my php.ini and that seems to solve the
problem. Thanks.

#6 July 17th, 2005, 12:57 PM

> You are using PHP5. PHP5 has a parameter called session.cookie_lifetime.[color=blue]
> Here is an explanation taken from the INI file.
>
> ; Lifetime in seconds of cookie or, if 0, until browser is restarted.
> session.cookie_lifetime = 0[/color]

Okay, perhaps I am mixing sessions and cookies together because I can
not get it working as I want.

I have this code:

if($autologin == "on")
{
$expireTime = 60*60*24*364; // 365 days
session_set_cookie_params($expireTime); // seconds
}
else
{
$expireTime = 0; // when browser closes
session_set_cookie_params($expireTime); // seconds
}
session_start();

"autologin" is a checkbox, to let the user have a permanent session.

What I want is, to set the client cookie to either 365 days or to die
when the browser closes.
I would prefer if the server session (PHPSESSID) expired at the same
time as the client cookie, but if that is not possible, then it should
just be 365 days.
Right now I have set "session.cookie_lifetime = 31536000" in my php.ini
and then this above code.

Can anyone help - either to let me understand what I am missing or with
an example?

#7 July 17th, 2005, 12:58 PM

>> You are using PHP5. PHP5 has a parameter called session.cookie_lifetime.[color=blue][color=green]
>> Here is an explanation taken from the INI file.
>>
>> ; Lifetime in seconds of cookie or, if 0, until browser is restarted.
>> session.cookie_lifetime = 0[/color]
>
> Okay, perhaps I am mixing sessions and cookies together because I can
> not get it working as I want.
>
> I have this code:
>
> if($autologin == "on")
> {
> $expireTime = 60*60*24*364; // 365 days
> session_set_cookie_params($expireTime); // seconds
> }
> else
> {
> $expireTime = 0; // when browser closes
> session_set_cookie_params($expireTime); // seconds
> }
> session_start();
>
> "autologin" is a checkbox, to let the user have a permanent session.
>
> What I want is, to set the client cookie to either 365 days or to die
> when the browser closes.
> I would prefer if the server session (PHPSESSID) expired at the same
> time as the client cookie, but if that is not possible, then it should
> just be 365 days.
> Right now I have set "session.cookie_lifetime = 31536000" in my php.ini
> and then this above code.
>
> Can anyone help - either to let me understand what I am missing or with
> an example?[/color]

I still have my problems with this. I hope there to be a solution for
it? :-)

#8 July 17th, 2005, 01:10 PM

FamB wrote:
<snip>[color=blue]
> I still have my problems with this. I hope there to be a solution for[/color]
[color=blue]
> it? :-)[/color]

Probably, it might be your session gc setting that trashes your
session.

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

PHPSESSID expires before my cookie

Popular Articles

What is Bytes?