PHP sessions - user login webpage - preventing autologout due to inactivity

Dave Smithz

Hi there,

I have a website where users can log into. This users sessions as I believe
most people use when implementing a login section of a website (each php
page first checks a valid parameter has been set to authorise that the user
has logged in and if it is not found it redirects the user to the login
page).

I have my code and it works fine, however on the live server, after a period
of inactivity the user will be logged out automatically.
However on my test server this is not the case and the user remains logged
no matter how long they have no activity for.
The exactly the same code is in place on both servers, just the servers are
from different providers so I assume set up differently.
What could be set up differently on the servers to be causing this
difference in behaviour and what can I do to override it? In an ideal world
I would be able to control the amount of inactive time before I user is
logged out automatically.

I hope this makes sense and I really hope someone can advice.

Kind regards

Dave

Jan 15 '06 #1

Subscribe Post Reply

5744

Gordon Burditt

>I have a website where users can log into. This users sessions as I believe

most people use when implementing a login section of a website (each php
page first checks a valid parameter has been set to authorise that the user
has logged in and if it is not found it redirects the user to the login
page).

I have my code and it works fine, however on the live server, after a period
of inactivity the user will be logged out automatically.
However on my test server this is not the case and the user remains logged
no matter how long they have no activity for.
The exactly the same code is in place on both servers, just the servers are
from different providers so I assume set up differently.
Which behavior do you consider to be a problem? You may not be
able to lengthen the time a session is kept alive. Hits on other
people's pages (by completely unrelated users) may cause expiration
of your sessions.
What could be set up differently on the servers to be causing this
difference in behaviour and what can I do to override it? In an ideal world
I would be able to control the amount of inactive time before I user is
logged out automatically.

Look at the php.ini settings related to session timeout, such as
session.gc_maxlifetime and session.cookie_lifetime. You want these
settings to allow at least as much time as you want sessions to
last. PHP's probabalistic expiration hardly ever guarantees that
a session will expire. You may set session.gc_maxlifetime to 4
hours but you can't really complain if a session is found to be
alive after 9 years.

If you want precise timeouts, e.g. you want the session intact if
it's 3 hours, 59 minutes, and 59 seconds old, but it must be unusable
if it's over 4 hours old, I suggest doing it yourself: put a
timestamp in the session data. If the user is not logged in OR THE
TIMESTAMP IS TOO OLD, redirect them to the login page. The login
page sets the timestamp. If you want "expiration since the last
hit", each hit should update the timestamp.

Gordon L. Burditt

Jan 15 '06 #2

Dave Smithz

"Gordon Burditt" <go***********@burditt.org> wrote in message
news:11************@corp.supernews.com...

Not yet having a moment to look into your suggestions, the actual behaviour
my client complained about was that they were being logged out too quickly.
Therefore they had circumstances where they typed a whole screen of text,
pressed a save button and then found they were logged out.

They probably would not care if it took a week to log out, but I would
certainly like be able to extend it to cover there working day (8 hours or
so) rather then the current 1.5 hours it seems to be.

So any advice in this direction is welcome (but of course I do want to
establish a general understanding for better control).

Cheers

Dave

Jan 15 '06 #3

"Dave Smithz" <da******@blueyonder.co.uk> wrote in message
news:x6*********************@fe3.news.blueyonder.c o.uk...

"Gordon Burditt" <go***********@burditt.org> wrote in message
news:11************@corp.supernews.com...

Not yet having a moment to look into your suggestions, the actual
behaviour my client complained about was that they were being logged out
too quickly. Therefore they had circumstances where they typed a whole
screen of text, pressed a save button and then found they were logged out.

They probably would not care if it took a week to log out, but I would
certainly like be able to extend it to cover there working day (8 hours or
so) rather then the current 1.5 hours it seems to be.

So any advice in this direction is welcome (but of course I do want to
establish a general understanding for better control).

Cheers
Why don't you just have your site save a draft of the text every minute or
so. You could have some javascript that copies out the contents of the form
the user is editing into an identical form in a hidden iframe, then submit
the hidden form back to itself. Hey presto - your draft has been saved, and
the session is used once more.

dave
Dave

Jan 16 '06 #4

by: Paul | last post by:

I want to use sessions to cover myself in case the user switches off cookies so I am passing the session ID manually through a hidden input field. This is what I have so far. index.php page...

PHP

Sessions and closing the browser

by: Theo | last post by:

Question for the group The authentication system for the site Im working on seems to function properly and all is good. A session keeps track of everything and a cookie is used to accept or deny...

PHP

cookies and sessions

by: windandwaves | last post by:

Hi Gurus I am basically sorry that I have to bother you about this. I am a PHP beginner and I have been studying sessions and cookies over the last few weeks. I have learned lots, but I am...

PHP

php sessions problem - wrong logic maybe

by: Bartosz Wegrzyn | last post by:

I need help with sessions. I createt set of web site for nav with authorization. first I go into main.php which looks like this: <?php //common functions include_once '../login/common.php';...

PHP

ending sessions when browser is closed

by: Jennifer Smith | last post by:

We have an environment running ASP on IIS5, where a user logs in via an ASP login page and an entry is made to the database recording the users login time and a database session. If the user then...

ASP / Active Server Pages

many people logging in using same user name

by: Michelle Stone | last post by:

Hi everybody I am writing a simple asp.net application using form authentication. I store the list of all users and their passwords in an SQL Server database table. My client recently told me...

ASP.NET

Authentication and sessions

by: SOS | last post by:

Hi guys, how can i use of sessions to authenticate users ? before, i used of cookies and i store users profile in the cookies but now i need to do same work with sessions. Thanx

ASP.NET

Sessions Expiring Prematurely on Production

by: Andrew Chung | last post by:

Hi all, For an application that I'm working on, upon successful authentication, Session.Timeout is set to 60 minutes. This behaviour works as expected on my own machine. If I refresh a page...

ASP.NET

Help with conflicting sessions

by: Dave | last post by:

Hopefully this is an easy question for those with more experience. I have two separate programs that I want to use together on a website Program A starts first and calls session_start(). ...

PHP

How to turn on java script in a villaon keypad mobile phone

by: Charles Arthur | last post by:

How do i turn on java script on a villaon, callus and itel keypad mobile phone

Java

Basic Javascript concepts

by: aa123db | last post by:

Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...

Javascript

Batch import of multiple excel files into the database

by: ryjfgjl | last post by:

If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...

Data Management

Merging data from multiple Excel files

by: ryjfgjl | last post by:

In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...

Data Management

Migrating Website to Cloud - Emmanuel Katto

by: emmanuelkatto | last post by:

Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel

General

Navigating the Data Structures and Algorithms (DSA)

by: BarryA | last post by:

What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...

Algorithms / Advanced Math

Is that possible of reading the .csv file in column wise and the column have different lengths ?

by: Sonnysonu | last post by:

This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...

C / C++

How to build RAID in BIOS?

by: Hystou | last post by:

There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

Computer Hardware

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...

C / C++

PHP sessions - user login webpage - preventing autologout due to inactivity

Similar topics