You problem is probably right here:

session.gc_maxlifetime = 1800

That sets the garbage collection timeout to 30 minutes... 

Per the manual:

session.gc_maxlifetime specifies the number of seconds after which data
will be seen as 'garbage' and cleaned up.

It is not "strictly" followed, but PHP does it's best to destroy data
after that timeout elapses. This would explain why sometimes you can
last an hour without getting the error. If you want your timeout to be 3
hours, then I would set that value to something like 11,000 (which is
just a little over 3 hours).

-Jeremy

On Thu, 2004-01-01 at 19:30, Tim Meader wrote:
> I'm looking for help trying to do away with an error I get from time to 
> time in my access control session logic. Here is my session setup from the 
> php.ini:
> 
> session.save_handler = files
> session.save_path = /tmp
> session.use_cookies = 1
> session.use_only_cookies = 1
> session.name = PHPSESSID
> session.auto_start = 0
> session.cookie_lifetime = 0
> session.cookie_path = /
> session.cookie_domain = gsfc.nasa.gov
> session.cookie_secure = On
> session.serialize_handler = php
> session.gc_probability = 100
> session.gc_maxlifetime = 1800
> session.bug_compat_42 = 0
> session.bug_compat_warn = 1
> session.referer_check =
> session.entropy_length = 32
> session.entropy_file = /dev/urandom
> session.cache_limiter =
> session.cache_expire = 180
> session.use_trans_sid = 0
> 
> Now, to my understanding, with this setup, the session cookie should be 
> good for as long as the browser is open, the garbage collector will be run 
> on any session startup, and a session should be considered garbage after 3 
> hours.  My problem is that these settings don't always seem to be followed. 
> Even after sitting for only 60 minutes sometimes, if I click on the logout 
> button in my interface (which executes the following code), I get a 
> session_destroy error, about it the session being called for destruction 
> not being found....
> 
>      if ((!empty($_GET['action'])) && ($_GET['action'] == "logout")) {
>          session_unset();
>          if (!empty($_SESSION['logged_in'])) {
>              session_destroy();
>          }
>       }
> 
> The only other code is simple HTML output. The session variable "logged_in" 
> is set upon successful login initially. My rationale for that variable is 
> that if the session file gets removed via the garbage collector, then that 
> check above should fail, and the session_destroy function won't be called. 
> But this doesn't seem to ever work. Is there anything I'm missing here? Any 
> help would be appreciated. This is all running on Apache 1.3.29, using 
> Redhat 8 with all current updates, and PHP 4.3.4.
> 
> Thanks in advance for any help you may have.
> 
> 
> 
> 
> ---
> Tim Meader
> CNE ODIN Unix Group
> Lockheed Martin Information Technologies
> [EMAIL PROTECTED]
> (301) 286-8013  

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to