Re: [PHP] Sessions - Ini settings and timeout
Hi.
Thank you very much Casey. I followed this suggestion as Zoltán also
suggested and it's working nice.
Best regards,
holo
"Casey" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> You could set $_SESSION['lasttime'] to time() and check it on every page.
>
>
>
> On Oct 17, 2007, at 3:58 AM, "Holografix" <[EMAIL PROTECTED]> wrote:
>
>> I have some questions about sessions timeout and sessions ini settings.
>>
>> In php.ini I have session.gc_maxlifetime = 30 (for testing purpose only)
>> ,
>> session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch
>> this
>> values)
>>
>> I have two simple pages
>>
>>
>> page1.php
>> -
>> session_start();
>> $_SESSION["test"] = "TEST";
>> test timeout
>>
>>
>> page2.php
>> =
>> session_start();
>> if (!isset($_SESSION["test"]) ) {
>>echo "no session"; die();
>> }
>> print_r($_SESSION);
>>
>>
>> I open page1.php in the browser and only click in the link after waiting
>> more than 30 seconds (session.gc_maxlifetime).
>> After this period what should happen with $_SESSION["test"] in
>> page2.php?
>>
>> In php, session.gc_maxlifetime: ; After this number of seconds, stored
>> data
>> will be seen as 'garbage' and
>> ; cleaned up by the garbage collection process.
>>
>> I need to understand this and get a way to automaticly logout a user
>> after n
>> minutes of inactivity.
>>
>> My environment:
>> Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql
>> 5.4.5
>>
>>
>> Best regards
>> holo
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions - Ini settings and timeout
Many thanks again Zoltán.
It's working nice now.
Best regards
holo
""Zoltán Németh"" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> 2007. 10. 17, szerda keltezéssel 15.10-kor Holografix ezt írta:
>> Many thanks Zoltn.
>>
>> It's clear now
>> One more thing: session.cookie_lifetime defaults to 0 (until browser is
>> closed).
>> if setting session.cookie_lifetime to 60 can I look for
>> $_SESSION[session_name()] in every request ?
>
> why $_SESSION[session_name()]?
> I never bother with session_name and stuff like that, just put whatever
> I want to store in $_SESSION and voila it's there :)
>
> about session.cookie_lifetime: if the cookie expires on the client
> computer, the browser would not send it, so the server side would not
> receive the session ID, so the session data would be lost. that's good
> in some cases, but if you leave cookie_lifetime at its default, cookies
> expire when the browser is closed. that, combined with a lasttime value
> stored in the session, should be enough.
>
> greets
> Zoltán Németh
>
>>
>> best regards
>> holo
>>
>>
>> ""Zoltn Nmeth"" <[EMAIL PROTECTED]> wrote in message
>> news:[EMAIL PROTECTED]
>> > 2007. 10. 17, szerda keltezssel 11.58-kor Holografix ezt rta:
>> >> I have some questions about sessions timeout and sessions ini
>> >> settings.
>> >>
>> >> In php.ini I have session.gc_maxlifetime = 30 (for testing purpose
>> >> only)
>> >> ,
>> >> session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch
>> >> this
>> >> values)
>> >>
>> >> I have two simple pages
>> >>
>> >>
>> >> page1.php
>> >> -
>> >> session_start();
>> >> $_SESSION["test"] = "TEST";
>> >> test timeout
>> >>
>> >>
>> >> page2.php
>> >> =
>> >> session_start();
>> >> if (!isset($_SESSION["test"]) ) {
>> >> echo "no session"; die();
>> >> }
>> >> print_r($_SESSION);
>> >>
>> >>
>> >> I open page1.php in the browser and only click in the link after
>> >> waiting
>> >> more than 30 seconds (session.gc_maxlifetime).
>> >> After this period what should happen with $_SESSION["test"] in
>> >> page2.php?
>> >>
>> >> In php, session.gc_maxlifetime: ; After this number of seconds, stored
>> >> data
>> >> will be seen as 'garbage' and
>> >> ; cleaned up by the garbage collection process.
>> >>
>> >> I need to understand this and get a way to automaticly logout a user
>> >> after n
>> >> minutes of inactivity.
>> >
>> > session.gc_maxlifetime is not what you are looking for. it works like
>> > at
>> > every request there is a 1/100 chance
>> > (session.gc_probability/session.gc_divisor) that the garbage collector
>> > will run. if it runs, and finds session data older than
>> > session.gc_maxlifetime, that is cleaned up.
>> >
>> > in order to achieve what you want you should store a 'last action'
>> > timestamp or something like that in the session, and upon each request
>> > check how many seconds passed since that timestamp and decide session
>> > validity based on that. eg:
>> >
>> > session_start();
>> > if ($_SESSION['last_action_timestamp'] - time() > $max_lifetime)
>> > {
>> > // session expired
>> > }
>> > else
>> > {
>> > $_SESSION['last_action_timestamp'] = time();
>> > }
>> >
>> > greets
>> > Zoltn Nmeth
>> >
>> >>
>> >> My environment:
>> >> Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql
>> >> 5.4.5
>> >>
>> >>
>> >> Best regards
>> >> holo
>> >>
>>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions - Ini settings and timeout
2007. 10. 17, szerda keltezéssel 15.10-kor Holografix ezt írta:
> Many thanks Zoltn.
>
> It's clear now
> One more thing: session.cookie_lifetime defaults to 0 (until browser is
> closed).
> if setting session.cookie_lifetime to 60 can I look for
> $_SESSION[session_name()] in every request ?
why $_SESSION[session_name()]?
I never bother with session_name and stuff like that, just put whatever
I want to store in $_SESSION and voila it's there :)
about session.cookie_lifetime: if the cookie expires on the client
computer, the browser would not send it, so the server side would not
receive the session ID, so the session data would be lost. that's good
in some cases, but if you leave cookie_lifetime at its default, cookies
expire when the browser is closed. that, combined with a lasttime value
stored in the session, should be enough.
greets
Zoltán Németh
>
> best regards
> holo
>
>
> ""Zoltn Nmeth"" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > 2007. 10. 17, szerda keltezssel 11.58-kor Holografix ezt rta:
> >> I have some questions about sessions timeout and sessions ini settings.
> >>
> >> In php.ini I have session.gc_maxlifetime = 30 (for testing purpose only)
> >> ,
> >> session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch
> >> this
> >> values)
> >>
> >> I have two simple pages
> >>
> >>
> >> page1.php
> >> -
> >> session_start();
> >> $_SESSION["test"] = "TEST";
> >> test timeout
> >>
> >>
> >> page2.php
> >> =
> >> session_start();
> >> if (!isset($_SESSION["test"]) ) {
> >> echo "no session"; die();
> >> }
> >> print_r($_SESSION);
> >>
> >>
> >> I open page1.php in the browser and only click in the link after waiting
> >> more than 30 seconds (session.gc_maxlifetime).
> >> After this period what should happen with $_SESSION["test"] in page2.php?
> >>
> >> In php, session.gc_maxlifetime: ; After this number of seconds, stored
> >> data
> >> will be seen as 'garbage' and
> >> ; cleaned up by the garbage collection process.
> >>
> >> I need to understand this and get a way to automaticly logout a user
> >> after n
> >> minutes of inactivity.
> >
> > session.gc_maxlifetime is not what you are looking for. it works like at
> > every request there is a 1/100 chance
> > (session.gc_probability/session.gc_divisor) that the garbage collector
> > will run. if it runs, and finds session data older than
> > session.gc_maxlifetime, that is cleaned up.
> >
> > in order to achieve what you want you should store a 'last action'
> > timestamp or something like that in the session, and upon each request
> > check how many seconds passed since that timestamp and decide session
> > validity based on that. eg:
> >
> > session_start();
> > if ($_SESSION['last_action_timestamp'] - time() > $max_lifetime)
> > {
> > // session expired
> > }
> > else
> > {
> > $_SESSION['last_action_timestamp'] = time();
> > }
> >
> > greets
> > Zoltn Nmeth
> >
> >>
> >> My environment:
> >> Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql 5.4.5
> >>
> >>
> >> Best regards
> >> holo
> >>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions - Ini settings and timeout
You could set $_SESSION['lasttime'] to time() and check it on every
page.
On Oct 17, 2007, at 3:58 AM, "Holografix" <[EMAIL PROTECTED]> wrote:
I have some questions about sessions timeout and sessions ini
settings.
In php.ini I have session.gc_maxlifetime = 30 (for testing purpose
only) ,
session.gc_probability = 1 and session.gc_divisor = 100 (didn't
touch this
values)
I have two simple pages
page1.php
-
session_start();
$_SESSION["test"] = "TEST";
test timeout
page2.php
=
session_start();
if (!isset($_SESSION["test"]) ) {
echo "no session"; die();
}
print_r($_SESSION);
I open page1.php in the browser and only click in the link after
waiting
more than 30 seconds (session.gc_maxlifetime).
After this period what should happen with $_SESSION["test"] in
page2.php?
In php, session.gc_maxlifetime: ; After this number of seconds,
stored data
will be seen as 'garbage' and
; cleaned up by the garbage collection process.
I need to understand this and get a way to automaticly logout a user
after n
minutes of inactivity.
My environment:
Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql
5.4.5
Best regards
holo
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions - Ini settings and timeout
Many thanks Zoltán.
It's clear now
One more thing: session.cookie_lifetime defaults to 0 (until browser is
closed).
if setting session.cookie_lifetime to 60 can I look for
$_SESSION[session_name()] in every request ?
best regards
holo
""Zoltán Németh"" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> 2007. 10. 17, szerda keltezéssel 11.58-kor Holografix ezt írta:
>> I have some questions about sessions timeout and sessions ini settings.
>>
>> In php.ini I have session.gc_maxlifetime = 30 (for testing purpose only)
>> ,
>> session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch
>> this
>> values)
>>
>> I have two simple pages
>>
>>
>> page1.php
>> -
>> session_start();
>> $_SESSION["test"] = "TEST";
>> test timeout
>>
>>
>> page2.php
>> =
>> session_start();
>> if (!isset($_SESSION["test"]) ) {
>> echo "no session"; die();
>> }
>> print_r($_SESSION);
>>
>>
>> I open page1.php in the browser and only click in the link after waiting
>> more than 30 seconds (session.gc_maxlifetime).
>> After this period what should happen with $_SESSION["test"] in page2.php?
>>
>> In php, session.gc_maxlifetime: ; After this number of seconds, stored
>> data
>> will be seen as 'garbage' and
>> ; cleaned up by the garbage collection process.
>>
>> I need to understand this and get a way to automaticly logout a user
>> after n
>> minutes of inactivity.
>
> session.gc_maxlifetime is not what you are looking for. it works like at
> every request there is a 1/100 chance
> (session.gc_probability/session.gc_divisor) that the garbage collector
> will run. if it runs, and finds session data older than
> session.gc_maxlifetime, that is cleaned up.
>
> in order to achieve what you want you should store a 'last action'
> timestamp or something like that in the session, and upon each request
> check how many seconds passed since that timestamp and decide session
> validity based on that. eg:
>
> session_start();
> if ($_SESSION['last_action_timestamp'] - time() > $max_lifetime)
> {
> // session expired
> }
> else
> {
> $_SESSION['last_action_timestamp'] = time();
> }
>
> greets
> Zoltán Németh
>
>>
>> My environment:
>> Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql 5.4.5
>>
>>
>> Best regards
>> holo
>>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions - Ini settings and timeout
2007. 10. 17, szerda keltezéssel 11.58-kor Holografix ezt írta:
> I have some questions about sessions timeout and sessions ini settings.
>
> In php.ini I have session.gc_maxlifetime = 30 (for testing purpose only) ,
> session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch this
> values)
>
> I have two simple pages
>
>
> page1.php
> -
> session_start();
> $_SESSION["test"] = "TEST";
> test timeout
>
>
> page2.php
> =
> session_start();
> if (!isset($_SESSION["test"]) ) {
> echo "no session"; die();
> }
> print_r($_SESSION);
>
>
> I open page1.php in the browser and only click in the link after waiting
> more than 30 seconds (session.gc_maxlifetime).
> After this period what should happen with $_SESSION["test"] in page2.php?
>
> In php, session.gc_maxlifetime: ; After this number of seconds, stored data
> will be seen as 'garbage' and
> ; cleaned up by the garbage collection process.
>
> I need to understand this and get a way to automaticly logout a user after n
> minutes of inactivity.
session.gc_maxlifetime is not what you are looking for. it works like at
every request there is a 1/100 chance
(session.gc_probability/session.gc_divisor) that the garbage collector
will run. if it runs, and finds session data older than
session.gc_maxlifetime, that is cleaned up.
in order to achieve what you want you should store a 'last action'
timestamp or something like that in the session, and upon each request
check how many seconds passed since that timestamp and decide session
validity based on that. eg:
session_start();
if ($_SESSION['last_action_timestamp'] - time() > $max_lifetime)
{
// session expired
}
else
{
$_SESSION['last_action_timestamp'] = time();
}
greets
Zoltán Németh
>
> My environment:
> Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql 5.4.5
>
>
> Best regards
> holo
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sessions - Ini settings and timeout
I have some questions about sessions timeout and sessions ini settings.
In php.ini I have session.gc_maxlifetime = 30 (for testing purpose only) ,
session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch this
values)
I have two simple pages
page1.php
-
session_start();
$_SESSION["test"] = "TEST";
test timeout
page2.php
=
session_start();
if (!isset($_SESSION["test"]) ) {
echo "no session"; die();
}
print_r($_SESSION);
I open page1.php in the browser and only click in the link after waiting
more than 30 seconds (session.gc_maxlifetime).
After this period what should happen with $_SESSION["test"] in page2.php?
In php, session.gc_maxlifetime: ; After this number of seconds, stored data
will be seen as 'garbage' and
; cleaned up by the garbage collection process.
I need to understand this and get a way to automaticly logout a user after n
minutes of inactivity.
My environment:
Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql 5.4.5
Best regards
holo
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
