Sessions - how can I prevent users being logged out when inactive?

Hi there,

Users of my PHP DB application have complained that it seems to log them out
every now and then. I actually assume this is when it has been idle for
some time, as I use session variables to store a logged-in token.

With only basic knowledge of sessions I assumed there was some kind of
default time before the session data is destroyed.

Is this the case?

My investigations revealed a session.cookie_lifetime directive, but the
default value of 0, as in my environment, means the cookie lasts for ever,
so this could not be my problem.

The other directive was session.cache_expire. I do not fully understand
whether this would have an effect or not, but it may do. This has a default
of 180 mins so I thought maybe users are being logged out after 180 mins.

As an experiment I tried setting this to 1 min (session_cache_expire(1);),
but doing this and then checking if it was set with phpinfo() found that it
stayed at 180. Therefore I could not change the value.

So can anyone help? If I do have to set session.cache_expire, do I have to
set this on each page where a session_start is used, or can I just set it
after the login page, and then the value I set will remain?

Any help on this matter appreciated.

Kind regards

Dave


Jul 17 '05 #1


Dave Smithz wrote:
> Hi there,
>
> Users of my PHP DB application have complained that it seems to log them out
> every now and then. I actually assume this is when it has been idle for
> some time, as I use session variables to store a logged-in token.
>
> With only basic knowledge of sessions I assumed there was some kind of
> default time before the session data is destroyed.
>
> Is this the case?
>
> My investigations revealed a session.cookie_lifetime directive, but the
> default value of 0, as in my environment, means the cookie lasts for ever,
> so this could not be my problem.
>
> The other directive was session.cache_expire. I do not fully understand
> whether this would have an effect or not, but it may do. This has a default
> of 180 mins so I thought maybe users are being logged out after 180 mins.
>
> As an experiment I tried setting this to 1 min (session_cache_expire(1);),
> but doing this and then checking if it was set with phpinfo() found that it
> stayed at 180. Therefore I could not change the value.
>
> So can anyone help? If I do have to set session.cache_expire, do I have to
> set this on each page where a session_start is used, or can I just set it
> after the login page, and then the value I set will remain?
>
> Any help on this matter appreciated.
>
> Kind regards
>
> Dave

session.cookie_lifetime = 0 means the cookie will be deleted as soon as
the browser is closed, which logs the user out.

set it to another value (in sec's, using ini_set()) to keep the user
logged in longer. but note that this is not surefire because what the
users do with your cookie is up to them.

micha

Jul 17 '05 #2

"chotiwallah" <ch*********@web.de> wrote in message
news:11*********************@o13g2000cwo.googlegro ups.com...
> session.cookie_lifetime = 0 means the cookie will be deleted as soon as
> the browser is closed, which logs the user out.
>
> set it to another value (in sec's, using ini_set()) to keep the user
> logged in longer. but note that this is not surefire because what the
> users do with your cookie is up to them.

Yes you are right there of course, but in this instance users are being
logged out when they have not closed the browser. In fact they expect that
if they close the browser they will be logged out, which is better behaviour.
I need to prevent the time out occurring on a window which they have kept
open (note this window does use frames if this makes a difference).

Kind regards

Dave
Jul 17 '05 #3


Dave Smithz wrote:
> "chotiwallah" <ch*********@web.de> wrote in message
> news:11*********************@o13g2000cwo.googlegro ups.com...
> > session.cookie_lifetime = 0 means the cookie will be deleted as soon as
> > the browser is closed, which logs the user out.
> >
> > set it to another value (in sec's, using ini_set()) to keep the user
> > logged in longer. but note that this is not surefire because what the
> > users do with your cookie is up to them.
>
> Yes you are right there of course, but in this instance users are being
> logged out when they have not closed the browser. In fact they expect that
> if they close the browser they will be logged out, which is better behaviour.
> I need to prevent the time out occurring on a window which they have kept
> open (note this window does use frames if this makes a difference).
>
> Kind regards
>
> Dave

frames might make a difference: php starts session for single scripts,
not for browser windows or whole domains. that means a session_start()
call is needed for every script that makes use of the session.

another thought: does your login validate the user's ip? if yes, try
without it, because if your user's connections are idle, their
computers might disconnect, and then connect from a different ip again,
which invalidates your login.

micha

Jul 17 '05 #4

"chotiwallah" <ch*********@web.de> wrote in message
news:11**********************@g14g2000cwa.googlegr oups.com...
> frames might make a difference: php starts session for single scripts,
> not for browser windows or whole domains. that means a session_start()
> call is needed for every script that makes use of the session.
>
> another thought: does your login validate the user's ip? if yes, try
> without it, because if your user's connections are idle, their
> computers might disconnect, and then connect from a different ip again,
> which invalidates your login.
>
> micha

Thanks again Micha,
but no, the login is quite basic and does not check IP address. Also every
script does have its own session start, so I do not think this particular
problem is related to the frames.

Still a bit funny why I cannot change the session.cache_expire value (at
least when I do a phpinfo it does not seem to change although I can change
other values).

Anyone else have any thoughts on what the problem could be here?

Jul 17 '05 #5
("Dave Smithz" <SPAM FREE WORLD>) decided we needed to hear...

> "chotiwallah" <ch*********@web.de> wrote in message
> news:11**********************@g14g2000cwa.googlegr oups.com...
> > frames might make a difference: php starts session for single scripts,
> > not for browser windows or whole domains. that means a session_start()
> > call is needed for every script that makes use of the session.
> >
> > another thought: does your login validate the user's ip? if yes, try
> > without it, because if your user's connections are idle, their
> > computers might disconnect, and then connect from a different ip again,
> > which invalidates your login.
> >
> > micha
>
> Thanks again Micha,
> but no, the login is quite basic and does not check IP address. Also every
> script does have its own session start, so I do not think this particular
> problem is related to the frames.
>
> Still a bit funny why I cannot change the session.cache_expire value (at
> least when I do a phpinfo it does not seem to change although I can change
> other values).
>
> Anyone else have any thoughts on what the problem could be here?

session.cache_expire has no effect if session.cache_limiter is set to
nocache which is the default and probably what you want it to be, so
there's probably no need to worry about why cache_expire doesn't change
for you.

For sessions to remain active yes you do have to change the
session.cookie_lifetime value, and you also should change the
session.gc_maxlifetime value to be the same. If you don't then even
though the session cookie will remain active for the user, the
session data file on the webserver will get deleted in a much
shorter period, invalidating the session.

Each time you do a session_start(), set the above values using ini_set
and you should be good to go...
--
Dave <da**@REMOVEbundook.com>
(Remove REMOVE for email address)
Jul 17 '05 #6
"chotiwallah" <ch*********@web.de> wrote in message

> session.cache_expire has no effect if session.cache_limiter is set to
> nocache which is the default and probably what you want it to be, so
> there's probably no need to worry about why cache_expire doesn't change
> for you.
>
> For sessions to remain active yes you do have to change the
> session.cookie_lifetime value, and you also should change the
> session.gc_maxlifetime value to be the same. If you don't then even
> though the session cookie will remain active for the user, the
> session data file on the webserver will get deleted in a much
> shorter period, invalidating the session.
>
> Each time you do a session_start(), set the above values using ini_set
> and you should be good to go...

OK, still a bit confused. I used ini_set to set the session.gc_maxlifetime
and session.cookie_lifetime variables and using phpinfo() I found they had
been set to what I wanted.

Therefore as an experiment I set the values to be 1 like so:
ini_set ("session.cookie_lifetime","1");
ini_set ("session.gc_maxlifetime","1");

Now I would have expected for the session therefore to only last 1 second,
and as the login information is held in the session variables I expected to
be logged out right away (therefore when I attempted to view another script
that requires login, it would take me to the login screen).

1) This did not happen. Anyone know of any reasons why?
2) (Not as important as 1.) With regard to using session.cache_limiter
(independently from the above question), I played around with setting
this to private_no_expire so that when users pressed the back button on the
browser, pages would not be resent to the server. Does not seem to work that
well and I ended up using Form GETS as opposed to POSTS as a workaround.
3) Is it OK to set the session.cookie_lifetime and session.gc_maxlifetime in
a header file that is called with require_once?

Thanks in advance for any help.

Kind regards

Dave

Jul 17 '05 #7
On Mon, 11 Jul 2005 10:05:53 -0400, Dave <da**@REMOVEbundook.com> wrote:
> For sessions to remain active yes you do have to change the
> session.cookie_lifetime value, and you also should change the
> session.gc_maxlifetime value to be the same. If you don't then even
> though the session cookie will remain active for the user, the
> session data file on the webserver will get deleted in a much
> shorter period, invalidating the session.
>
> Each time you do a session_start(), set the above values using ini_set
> and you should be good to go...


One thing to remember when modifying session duration settings at runtime is
that the PHP sessions garbage collector piggy-backs on requests with a
probability set by a couple of configuration options.

If there are any other pages on the server that don't have the options
ini_set'ed, then the garbage collector may run from other pages, _with the
default settings_, so could purge your sessions from the server-side session
directory if they exceed the default timeout, regardless of what you had in
force at the time the session started.

For the pages where you change the session settings, you probably also want to
specify an alternate session.save_path to isolate those session files from the
rest of the server.

--
Andy Hassall / <an**@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
Jul 17 '05 #8
you can use a .htaccess file to set php config for your whole site

the file must contain something like this

php_flag OPTION_NAME OPTION_VALUE

micha

Jul 17 '05 #9
Andy Hassall (an**@andyh.co.uk) decided we needed to hear...
> On Mon, 11 Jul 2005 10:05:53 -0400, Dave <da**@REMOVEbundook.com> wrote:
> > For sessions to remain active yes you do have to change the
> > session.cookie_lifetime value, and you also should change the
> > session.gc_maxlifetime value to be the same. If you don't then even
> > though the session cookie will remain active for the user, the
> > session data file on the webserver will get deleted in a much
> > shorter period, invalidating the session.
> >
> > Each time you do a session_start(), set the above values using ini_set
> > and you should be good to go...
>
> One thing to remember when modifying session duration settings at runtime is
> that the PHP sessions garbage collector piggy-backs on requests with a
> probability set by a couple of configuration options.
>
> If there are any other pages on the server that don't have the options
> ini_set'ed, then the garbage collector may run from other pages, _with the
> default settings_, so could purge your sessions from the server-side session
> directory if they exceed the default timeout, regardless of what you had in
> force at the time the session started.
>
> For the pages where you change the session settings, you probably also want to
> specify an alternate session.save_path to isolate those session files from the
> rest of the server.

I do actually code all my own ini_sets in an include file which every
page requires, hence I've never really considered the situation you
mention, but it's an excellent point, so thanks for the tip.
--
Dave <da**@REMOVEbundook.com>
(Remove REMOVE for email address)
Jul 17 '05 #10
chotiwallah (ch*********@web.de) decided we needed to hear...
> you can use a .htaccess file to set php config for your whole site
>
> the file must contain something like this
>
> php_flag OPTION_NAME OPTION_VALUE
>
> micha

I personally mostly avoid that method - my only reason being that
if I ever have to move any of my sites to other servers and
(shock-horror) I'm sans-backup I can fall back by uploading
the site from my own archives and an include file is less likely
to be missing than an htaccess file... okay it's over-cautious
but that's just me ;)
--
Dave <da**@REMOVEbundook.com>
(Remove REMOVE for email address)
Jul 17 '05 #11

"Dave" <da**@REMOVEbundook.com> wrote in message
news:23************@fawlty.homelinux.net...

> For the pages where you change the session settings, you probably also
> want to specify an alternate session.save_path to isolate those session
> files from the rest of the server.

So from all of this, am I right in thinking the best thing to do is use a
different session.save_path and that will prevent my session information
being cleared up by the garbage collector and therefore my session dying
early problems solved?

Kind regards

Dave
Jul 17 '05 #12
("Dave Smithz" <SPAM FREE WORLD>) decided we needed to hear...

> "Dave" <da**@REMOVEbundook.com> wrote in message
> news:23************@fawlty.homelinux.net...
>
> > For the pages where you change the session settings, you probably also
> > want to specify an alternate session.save_path to isolate those session
> > files from the rest of the server.
>
> So from all of this, am I right in thinking the best thing to do is use a
> different session.save_path and that will prevent my session information
> being cleared up by the garbage collector and therefore my session dying
> early problems solved?
>
> Kind regards
>
> Dave

You're actually quoting Andy Hassall's words, not mine.

However, yes, it's best to change session.save_path so that your session
files are not lumped in with all the other session files on the server,
but that in itself will not stop the garbage collector from doing its
job at the default interval - you must *also* change the
session.gc_maxlifetime and session.cookie_lifetime values as per
previous postings.
--
Dave <da**@REMOVEbundook.com>
(Remove REMOVE for email address)
Jul 17 '05 #13
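
The advice in posts #6, #8 and #13, collected into one include file. This is an added example, not code from any poster in the thread; the directory path, the four-hour limit, the function name and the last_activity / user_id keys are assumptions. The explicit idle check goes beyond the thread: garbage collection only runs with some probability per request (session.gc_probability / session.gc_divisor), so session.gc_maxlifetime alone is a lower bound on how long session data survives, not a precise logout time.

```php
<?php
// session_bootstrap.php - require_once this at the top of every script,
// before any output and before anything else touches the session.

const SESSION_IDLE_LIMIT = 4 * 60 * 60;              // allowed inactivity in seconds (assumed)
const SESSION_DIR = '/var/lib/php/myapp_sessions';   // hypothetical app-private directory

function start_app_session(): bool
{
    // Private save path: garbage collection triggered by other scripts on the
    // server, running with the default gc_maxlifetime, scans their directory
    // and not this one.
    if (!is_dir(SESSION_DIR) && !mkdir(SESSION_DIR, 0700, true)) {
        throw new RuntimeException('cannot create session directory');
    }
    ini_set('session.save_path', SESSION_DIR);

    // Server-side session files must be allowed to live at least as long as
    // the idle limit, otherwise GC may delete them while the cookie is valid.
    ini_set('session.gc_maxlifetime', (string) SESSION_IDLE_LIMIT);

    // 0 = session cookie, dropped when the browser closes (the behaviour the
    // original poster's users expect). Use a number of seconds to outlive it.
    ini_set('session.cookie_lifetime', '0');

    // Hardening: keep the cookie away from scripts, reject unknown session IDs.
    ini_set('session.cookie_httponly', '1');
    ini_set('session.use_strict_mode', '1');

    session_start();

    // Deterministic idle timeout, independent of when GC happens to run.
    $now  = time();
    $last = $_SESSION['last_activity'] ?? $now;
    if ($now - $last > SESSION_IDLE_LIMIT) {
        $_SESSION = [];
        session_destroy();
        return false;            // expired: caller should send the user to login
    }
    $_SESSION['last_activity'] = $now;
    return true;
}

// Usage in a protected page (login.php and user_id are hypothetical names):
//
//   require_once __DIR__ . '/session_bootstrap.php';
//   if (!start_app_session() || empty($_SESSION['user_id'])) {
//       header('Location: /login.php');
//       exit;
//   }
```

All ini_set() calls have to run before session_start(); once the session is active, or output has been sent, PHP refuses to change these settings.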
