|
|
|
|
|
1
1st November 17:16
External User
Posts: 1
|
Session timeout
Hi all!
I've read a bit about PHP session timeout. Is it configurable?? I mean, If i want user logged out after 10 minutes of innactivity... where i can to set it up?? Is it possible to expire session configuring php.ini. I know i will have to write code to do whatever when the session expires... Thank you in advance |
|
|
|
|
2
1st November 17:16
External User
Posts: 1
|
Session timeout
There are various configuration options for this (which you change in
the php.ini or by using the ini_set() function): session.gc_maxlifetime session.cookie_lifetime Read all about sessions here: http://uk.php.net/manual/en/ref.session.php -- Richard Heyes http://www.websupportsolutions.co.uk Knowledge Base and HelpDesk software that can cut the cost of online support ** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS ** |
|
|
|
3
1st November 17:16
External User
Posts: 1
|
Session timeout
Before sending my first mail, i've changed those parameters... and
nothing seems to change. I set up also session.cache_expire... but... nothing happens... session does not expire |
|
|
|
4
1st November 17:16
External User
Posts: 1
|
Session timeout
If you change them in your php.ini don't forget you'll need to restart
your web server. -- Richard Heyes http://www.websupportsolutions.co.uk Knowledge Base and HelpDesk software that can cut the cost of online support ** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS ** |
|
|
|
5
1st November 17:17
External User
Posts: 1
|
Session timeout
You could always just set you own cookie that expires after 10 min. Have your script redirect to a login page if the cookie has expired or reset the cookie if its still valid.
----- Original Message ----- From: "Dani CastaƱos" <danitao.mailists@gmail.com> To: php-general@lists.php.net Sent: Thursday, December 13, 2007 7:36:06 AM (GMT-0500) America/New_York Subject: [php] Session timeout Hi all! I've read a bit about PHP session timeout. Is it configurable?? I mean, If i want user logged out after 10 minutes of innactivity... where i can to set it up?? Is it possible to expire session configuring php.ini. I know i will have to write code to do whatever when the session expires... Thank you in advance -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Victor J. Matherly Technical Services Wave Communications, Inc http://www.wave-communications.com |
|
|
|
6
1st November 17:17
External User
Posts: 1
|
Session timeout
You can simulate that, because not always you'll be able to do "init_set"
You can save in a session var the TTL (time to live) $_SESSION['TTL'] = time() + TIMEOUT; Then before do anything you see if the session is still valid if ( $_SESSION['TTL'] < time() ) close_session(); I hope this be helpful for you! -- Best Regards Cesar D. Rodas http://www.cesarodas.com http://www.thyphp.com http://www.phpajax.org Phone: +595-961-974165 |
|
|
|
7
1st November 17:17
External User
Posts: 1
|
Session timeout
ini_set(), and when?
-- Richard Heyes http://www.websupportsolutions.co.uk Knowledge Base and HelpDesk software that can cut the cost of online support ** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS ** |
|
|
|
8
1st November 17:18
External User
Posts: 1
|
Session timeout
Hi all, I've found the key of all... at least this is what I think ;-)
(And, again, at least, for Debian users) The thing is I want to have control on what "exactly" a session lasts, and advice the user some time before to renew the session if he wants. If you only set gc_maxlifetime with ini_set or even in php.ini the session management won't work properly... why? In Debian, garbage collector is called from a cron taks located in /etc/cron.d/php5 This task is set to be called every 30 minutes, then you can't set session.gc_maxlifetime less than this time... Because GC won't do its work till minute 30... Then, the first thing you should do is set this task to be called in fewer minutes. ( I set up to */2, i.e. every to minutes) But this is not enough... This cron task calls a script located in /usr/lib/php5/ -> maxlifetime.sh: #!/bin/sh -e max=1440 for ini in /etc/php5/*/php.ini; do cur=$(sed -n -e 's/^[[:space:]]*session.gc_maxlifetime[[:space:]]*=[[:sp ace:]]*\([0-9]\+\).*$/\1/p' $ini 2>/dev/null || true); [ -z "$cur" ] && cur=0 [ "$cur" -gt "$max" ] && max=$cur done echo $(($max/60)) exit 0 As you see... It opens every php.ini located in /etc/php5 and gets session.gc_maxlifetime and it keeps the max value of all. It is compared with max variable and if it's greater it sets $max to this value... Then, if you set up session.gc_lifetime for example to 600 seconds in all your php.ini's, this script will return 24 minutes (1440 seconds) Because 600 is not greater than 1440. So, you must change the third line and set max to another value, 600 or less for example. And this is it... GC will work properly. I hope it helps to somebody! |
|
|
|
9
1st November 17:19
External User
Posts: 1
|
Session timeout
You CAN and it's done with session_set_cookie_parameters or in php.ini...
But keep in mind that session timeout relies on the SERVER and the CLIENT both having their clocks set correctly. One would hope that one's server has the correct time, but there's really not much bank in relying on end user computers to have the corret time. So if the time of the logging out really matters, store their last usage time in their $_SESSION or in a cookie or something and do your own date-time calculations, completely independent of the client or even server datetime setting. -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? |
|
|
Linear Mode
