Hi All
I know I can set the php.ini timeout to increase to what ever I like
I also know I can do it from a php script.
My question is if I can change it from the script will it extend the seesion for all users or only the user who intiated the call from the script?
If not how can I set intranet users to have a time out of 1hr and internet users 15mins
any help would be greatly appreciated
5 2535 TheServant 1,168
Recognized Expert Top Contributor
Hi All
I know I can set the php.ini timeout to increase to what ever I like
I also know I can do it from a php script.
My question is if I can change it from the script will it extend the seesion for all users or only the user who intiated the call from the script?
If not how can I set intranet users to have a time out of 1hr and internet users 15mins
any help would be greatly appreciated
Interesting. Does your script work? I am pretty sure that unless your script changes the php.ini file, it will not change it for the other users. Post the code for doing it from the script. I am guessing you could do a small if statement to test whether it's an intra or inter user and submit the appropriate timeout.
Is it something like:
[PHP]//Change the session timeout value to 1 hr
ini_set(?sessio n.gc_maxlifetim e?, 60*60);
[/PHP]
dlite922 1,584
Recognized Expert Top Contributor
You would be able to differentiate between internet and intranet users by their IP address.
Usually the intranet has a specific subnet (most commonly 192.168.x.x)
get the users IP and match it to that subnet and you can distinguish between intranet and internet.
You can be sure, no one will have 192.168.x.x IP on the internet, that's reserved, but if its something else, fire your system admin. (joke)
-DM
I am not sure how you can do this by manipulating php.ini. Frankly I don't think that would work, because changes to php.ini do not take effect until the (Apache) server is restarted, at least on a Linux system (if I am not mistaken here).
I described in my post to this thread another way you can do something similar:
http://bytes.com/forum/thread795054.ht ml
Basically you leave the php.ini driven session life time to be relatively long, and you use the method I describe to time a user out if the difference between the time of their next page request and the time of their last page request is longer than the amount of time allowed for them. This way, you can make the maximum time allowed user dependent. When a user is timed out, you call session destroy functions to remove their session and session files.
I am doing this with two maximum times, one if the user is within the intranet and one if they are coming from outside.
The Servant that is pretty much my script
I like the check ip address suggestion. On every page, as apart of a security stragety I check to to see if the session is active. I could (if I understand correctly) check how long that session has been going for and kick them out if they have been around longer than 15 mins and from an external ip.
Interesting. Does your script work? I am pretty sure that unless your script changes the php.ini file, it will not change it for the other users. Post the code for doing it from the script. I am guessing you could do a small if statement to test whether it's an intra or inter user and submit the appropriate timeout.
Is it something like:
[PHP]//Change the session timeout value to 1 hr
ini_set(?sessio n.gc_maxlifetim e?, 60*60);
[/PHP]
The Servant that is pretty much my script
I like the check ip address suggestion. On every page, as apart of a security stragety I check to to see if the session is active. I could (if I understand correctly) check how long that session has been going for and kick them out if they have been around longer than 15 mins and from an external ip.
This is what I do. When a user logs on, I create an identity string composed of an identifier for the application that the user logged on to (I have a few different databases each requiring a separate log in), and the IP address, and store this in a session variable. Then at the start of every page request (I do this with a function called from an auto_prepend file script so it is called with every PHP request) I compre this stored session variable with the user's IP address and the application specific identifier. If no match, I log the user out (destroy the session) and present the log in page again.
I also give the user a much shorter allowable interval between page requests when coming from an external IP address.
Sign in to post your reply or Sign up for a free account.
Similar topics |
by: Yuriy |
last post by:
Hi, everybody!
I need every 20 min extent my Session timeout.
Any suggetions appreciated! Thanks
|
by: Yuriy |
last post by:
Hello !
I have a problem with session variables and i need to do
something with my session
I need every 20 min extend my Session timeout.
Any suggetions appreciated! Thanks
|
by: fbwhite |
last post by:
I know this issue has been brought up many times, but I have tried many of
the solutions to no avail. I wanted to give my specific case to see if
someone could be of any help.
We are using the sessionstate inproc mode and users are randomly losing
their session. I do not believe it is happening across all users at one
time. It seems to happen to different users at different times, but I am
only going off heresay. The aspnet worker...
|
by: Just D. |
last post by:
Do we have any access to the Session object from a different Session? The
idea is to save Session of a current user and then if he logs in again
then return the Session back. It's not a problem to store, there is only one
complicated object in this Session, but to get it on SessionStart to make
a copy this is a problem.
Maybe using Application or whatever? Or this data is divided and
inaccessible anyway?
Just D.
|
by: jensen bredal |
last post by:
Hello,
i'm struggling with a somehow badly understood session scenario.
I provide acces to my pages based on form authentication using
Session cookies.
Som of my pages are supposed to be running continuously and refreshing once
an hour.
I there set timeout= 61 in <sessionState section and on my page it says
<meta http-equiv="refresh" content="3600">.
I also set timeout=120 in the <forms section of web.config to make sure
| |
by: Seetha J |
last post by:
I work on a website where users can apply for different types of loans. Depending on the type of loan we store various sets of data in Session state which is maintained in SQL Server. If the user stops in the middle of loan application process I want to capture whatever data was in the session and store it in our backoffice systems for non-repudiation purposes.
In the past we have been doing it on session end but after we moved to SQL...
|
by: Kevin Frey |
last post by:
Hello,
I've been reading that ASP.NET serialises (ie. processes one at a time) HTTP
requests if two simultaneous requests need to access the same session state.
It also makes note that ASP.NET tries to reacquire a lock on the session
state every 1/2 second until the timeout is reached, and then it will
forcibly release the previous users lock and take the lock for itself.
What is this timeout figure?
|
by: =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?= |
last post by:
I tried:
<sessionState timeout="1">
</sessionState>
bounced IIS, and after 1 minute still had a session.
???
--
thanks - dave
|
by: anithaapr05 |
last post by:
Hi,
I am creating a session when user successfully login to the site and user gets a form to input some data into database.
Assume that user entered data into some fileds and let the browser ideal and doing some other work in his/her system.
My requrement is, 2 mins before(after 13 mins) of session timeout(I set session timeout as 15 mins in web.config), user should get an alert as" Your session is about to timeout in 2 mins(at...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |