473,698 Members | 2,747 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Extend Session Timeout Depending on users

6 New Member
Hi All

I know I can set the php.ini timeout to increase to what ever I like
I also know I can do it from a php script.

My question is if I can change it from the script will it extend the seesion for all users or only the user who intiated the call from the script?

If not how can I set intranet users to have a time out of 1hr and internet users 15mins

any help would be greatly appreciated
Apr 29 '08 #1
5 2535
TheServant
1,168 Recognized Expert Top Contributor
Hi All

I know I can set the php.ini timeout to increase to what ever I like
I also know I can do it from a php script.

My question is if I can change it from the script will it extend the seesion for all users or only the user who intiated the call from the script?

If not how can I set intranet users to have a time out of 1hr and internet users 15mins

any help would be greatly appreciated
Interesting. Does your script work? I am pretty sure that unless your script changes the php.ini file, it will not change it for the other users. Post the code for doing it from the script. I am guessing you could do a small if statement to test whether it's an intra or inter user and submit the appropriate timeout.

Is it something like:
[PHP]//Change the session timeout value to 1 hr
ini_set(?sessio n.gc_maxlifetim e?, 60*60);
[/PHP]
Apr 29 '08 #2
dlite922
1,584 Recognized Expert Top Contributor
You would be able to differentiate between internet and intranet users by their IP address.

Usually the intranet has a specific subnet (most commonly 192.168.x.x)

get the users IP and match it to that subnet and you can distinguish between intranet and internet.

You can be sure, no one will have 192.168.x.x IP on the internet, that's reserved, but if its something else, fire your system admin. (joke)

-DM
Apr 29 '08 #3
coolsti
310 Contributor
I am not sure how you can do this by manipulating php.ini. Frankly I don't think that would work, because changes to php.ini do not take effect until the (Apache) server is restarted, at least on a Linux system (if I am not mistaken here).

I described in my post to this thread another way you can do something similar:

http://bytes.com/forum/thread795054.ht ml

Basically you leave the php.ini driven session life time to be relatively long, and you use the method I describe to time a user out if the difference between the time of their next page request and the time of their last page request is longer than the amount of time allowed for them. This way, you can make the maximum time allowed user dependent. When a user is timed out, you call session destroy functions to remove their session and session files.

I am doing this with two maximum times, one if the user is within the intranet and one if they are coming from outside.
May 2 '08 #4
thefox149
6 New Member
The Servant that is pretty much my script

I like the check ip address suggestion. On every page, as apart of a security stragety I check to to see if the session is active. I could (if I understand correctly) check how long that session has been going for and kick them out if they have been around longer than 15 mins and from an external ip.

Interesting. Does your script work? I am pretty sure that unless your script changes the php.ini file, it will not change it for the other users. Post the code for doing it from the script. I am guessing you could do a small if statement to test whether it's an intra or inter user and submit the appropriate timeout.

Is it something like:
[PHP]//Change the session timeout value to 1 hr
ini_set(?sessio n.gc_maxlifetim e?, 60*60);
[/PHP]
May 6 '08 #5
coolsti
310 Contributor
The Servant that is pretty much my script

I like the check ip address suggestion. On every page, as apart of a security stragety I check to to see if the session is active. I could (if I understand correctly) check how long that session has been going for and kick them out if they have been around longer than 15 mins and from an external ip.
This is what I do. When a user logs on, I create an identity string composed of an identifier for the application that the user logged on to (I have a few different databases each requiring a separate log in), and the IP address, and store this in a session variable. Then at the start of every page request (I do this with a function called from an auto_prepend file script so it is called with every PHP request) I compre this stored session variable with the user's IP address and the application specific identifier. If no match, I log the user out (destroy the session) and present the log in page again.

I also give the user a much shorter allowable interval between page requests when coming from an external IP address.
May 7 '08 #6

Sign in to post your reply or Sign up for a free account.

Similar topics

4
3887
by: Yuriy | last post by:
Hi, everybody! I need every 20 min extent my Session timeout. Any suggetions appreciated! Thanks
2
1447
by: Yuriy | last post by:
Hello ! I have a problem with session variables and i need to do something with my session I need every 20 min extend my Session timeout. Any suggetions appreciated! Thanks
5
5280
by: fbwhite | last post by:
I know this issue has been brought up many times, but I have tried many of the solutions to no avail. I wanted to give my specific case to see if someone could be of any help. We are using the sessionstate inproc mode and users are randomly losing their session. I do not believe it is happening across all users at one time. It seems to happen to different users at different times, but I am only going off heresay. The aspnet worker...
5
2082
by: Just D. | last post by:
Do we have any access to the Session object from a different Session? The idea is to save Session of a current user and then if he logs in again then return the Session back. It's not a problem to store, there is only one complicated object in this Session, but to get it on SessionStart to make a copy this is a problem. Maybe using Application or whatever? Or this data is divided and inaccessible anyway? Just D.
17
5204
by: jensen bredal | last post by:
Hello, i'm struggling with a somehow badly understood session scenario. I provide acces to my pages based on form authentication using Session cookies. Som of my pages are supposed to be running continuously and refreshing once an hour. I there set timeout= 61 in <sessionState section and on my page it says <meta http-equiv="refresh" content="3600">. I also set timeout=120 in the <forms section of web.config to make sure
1
6195
by: Seetha J | last post by:
I work on a website where users can apply for different types of loans. Depending on the type of loan we store various sets of data in Session state which is maintained in SQL Server. If the user stops in the middle of loan application process I want to capture whatever data was in the session and store it in our backoffice systems for non-repudiation purposes. In the past we have been doing it on session end but after we moved to SQL...
2
2895
by: Kevin Frey | last post by:
Hello, I've been reading that ASP.NET serialises (ie. processes one at a time) HTTP requests if two simultaneous requests need to access the same session state. It also makes note that ASP.NET tries to reacquire a lock on the session state every 1/2 second until the timeout is reached, and then it will forcibly release the previous users lock and take the lock for itself. What is this timeout figure?
25
6082
by: =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?= | last post by:
I tried: <sessionState timeout="1"> </sessionState> bounced IIS, and after 1 minute still had a session. ??? -- thanks - dave
7
20938
by: anithaapr05 | last post by:
Hi, I am creating a session when user successfully login to the site and user gets a form to input some data into database. Assume that user entered data into some fileds and let the browser ideal and doing some other work in his/her system. My requrement is, 2 mins before(after 13 mins) of session timeout(I set session timeout as 15 mins in web.config), user should get an alert as" Your session is about to timeout in 2 mins(at...
0
8683
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9170
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9031
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
8876
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
7741
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
5867
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4372
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
4624
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
2
2341
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.