Re: [PHP] Session timeout
Hi all, I've found the key of all... at least this is what I think ;-) (And, again, at least, for Debian users) The thing is I want to have control on what exactly a session lasts, and advice the user some time before to renew the session if he wants. If you only set gc_maxlifetime with ini_set or even in php.ini the session management won't work properly... why? In Debian, garbage collector is called from a cron taks located in /etc/cron.d/php5 This task is set to be called every 30 minutes, then you can't set session.gc_maxlifetime less than this time... Because GC won't do its work till minute 30... Then, the first thing you should do is set this task to be called in fewer minutes. ( I set up to */2, i.e. every to minutes) But this is not enough... This cron task calls a script located in /usr/lib/php5/ - maxlifetime.sh: #!/bin/sh -e max=1440 for ini in /etc/php5/*/php.ini; do cur=$(sed -n -e 's/^[[:space:]]*session.gc_maxlifetime[[:space:]]*=[[:sp ace:]]*\([0-9]\+\).*$/\1/p' $ini 2/dev/null || true); [ -z $cur ] cur=0 [ $cur -gt $max ] max=$cur done echo $(($max/60)) exit 0 As you see... It opens every php.ini located in /etc/php5 and gets session.gc_maxlifetime and it keeps the max value of all. It is compared with max variable and if it's greater it sets $max to this value... Then, if you set up session.gc_lifetime for example to 600 seconds in all your php.ini's, this script will return 24 minutes (1440 seconds) Because 600 is not greater than 1440. So, you must change the third line and set max to another value, 600 or less for example. And this is it... GC will work properly. I hope it helps to somebody! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session timeout
On Thu, December 13, 2007 6:36 am, Dani Castaños wrote: I've read a bit about PHP session timeout. Is it configurable?? I mean, If i want user logged out after 10 minutes of innactivity... where i can to set it up?? Is it possible to expire session configuring php.ini. I know i will have to write code to do whatever when the session expires... You CAN and it's done with session_set_cookie_parameters or in php.ini... But keep in mind that session timeout relies on the SERVER and the CLIENT both having their clocks set correctly. One would hope that one's server has the correct time, but there's really not much bank in relying on end user computers to have the corret time. So if the time of the logging out really matters, store their last usage time in their $_SESSION or in a cookie or something and do your own date-time calculations, completely independent of the client or even server datetime setting. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session timeout
I've read a bit about PHP session timeout. Is it configurable?? I mean, If i want user logged out after 10 minutes of innactivity... where i can to set it up?? Is it possible to expire session configuring php.ini. I know i will have to write code to do whatever when the session expires... There are various configuration options for this (which you change in the php.ini or by using the ini_set() function): session.gc_maxlifetime session.cookie_lifetime Read all about sessions here: http://uk.php.net/manual/en/ref.session.php -- Richard Heyes http://www.websupportsolutions.co.uk Knowledge Base and HelpDesk software that can cut the cost of online support ** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS ** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session timeout
There are various configuration options for this (which you change in the php.ini or by using the ini_set() function): session.gc_maxlifetime session.cookie_lifetime Before sending my first mail, i've changed those parameters... and nothing seems to change. I set up also session.cache_expire... but... nothing happens... session does not expire -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session timeout
There are various configuration options for this (which you change in the php.ini or by using the ini_set() function): session.gc_maxlifetime session.cookie_lifetime Before sending my first mail, i've changed those parameters... and nothing seems to change. I set up also session.cache_expire... but... nothing happens... session does not expire If you change them in your php.ini don't forget you'll need to restart your web server. -- Richard Heyes http://www.websupportsolutions.co.uk Knowledge Base and HelpDesk software that can cut the cost of online support ** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS ** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session timeout
You could always just set you own cookie that expires after 10 min. Have your script redirect to a login page if the cookie has expired or reset the cookie if its still valid. - Original Message - From: Dani Castaños [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Thursday, December 13, 2007 7:36:06 AM (GMT-0500) America/New_York Subject: [PHP] Session timeout Hi all! I've read a bit about PHP session timeout. Is it configurable?? I mean, If i want user logged out after 10 minutes of innactivity... where i can to set it up?? Is it possible to expire session configuring php.ini. I know i will have to write code to do whatever when the session expires... Thank you in advance -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Victor J. Matherly Technical Services Wave Communications, Inc http://www.wave-communications.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session timeout
You can simulate that, because not always you'll be able to do init_set You can save in a session var the TTL (time to live) $_SESSION['TTL'] = time() + TIMEOUT; Then before do anything you see if the session is still valid if ( $_SESSION['TTL'] time() ) close_session(); I hope this be helpful for you! On 13/12/2007, Richard Heyes [EMAIL PROTECTED] wrote: I've read a bit about PHP session timeout. Is it configurable?? I mean, If i want user logged out after 10 minutes of innactivity... where i can to set it up?? Is it possible to expire session configuring php.ini. I know i will have to write code to do whatever when the session expires... There are various configuration options for this (which you change in the php.ini or by using the ini_set() function): session.gc_maxlifetime session.cookie_lifetime Read all about sessions here: http://uk.php.net/manual/en/ref.session.php -- Richard Heyes http://www.websupportsolutions.co.uk Knowledge Base and HelpDesk software that can cut the cost of online support ** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS ** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Best Regards Cesar D. Rodas http://www.cesarodas.com http://www.thyphp.com http://www.phpajax.org Phone: +595-961-974165
Re: [PHP] Session timeout
You can simulate that, because not always you'll be able to do init_set ini_set(), and when? -- Richard Heyes http://www.websupportsolutions.co.uk Knowledge Base and HelpDesk software that can cut the cost of online support ** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS ** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session timeout
# store entry time to session
$_SESSION['entry_time'] = time();
# checking if session expired
if((time() - $_SESSION['entry_time']) 3600) #session expired after 1 hour
{
header('login.php');
exit;
}
-afan
Hi all.
I have users log into my site to perform certain actions. However, I
want to create a timed session so that it automatically logs them out
after a certain amount of time. I am using
`session_set_cookie_params()` to create the amount of available time
that the user is logged in.
But my question is: how do I test to see if the session has timed out?
Once the session time has elapsed, are the $_SESSION variables
automatically destroyed or what?
Thanks in advance,
~Philip
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session timeout
On Mon, 04 Oct 2004 09:54:15 -0500, Philip Thompson [EMAIL PROTECTED] wrote: I have users log into my site to perform certain actions. However, I want to create a timed session so that it automatically logs them out after a certain amount of time. I am using `session_set_cookie_params()` to create the amount of available time that the user is logged in. session.gc_maxlifetime sets the session lifetime. But my question is: how do I test to see if the session has timed out? if(isset($_SESSION['some_session_var'])) Once the session time has elapsed, are the $_SESSION variables automatically destroyed or what? Session garbage collection occurs occasionally when session_start() is called. -- Greg Donald Zend Certified Engineer http://gdconsultants.com/ http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session timeout
Philip Thompson wrote: Hi all. I have users log into my site to perform certain actions. However, I want to create a timed session so that it automatically logs them out after a certain amount of time. I am using `session_set_cookie_params()` to create the amount of available time that the user is logged in. Cookies are not reliable, as they are client side. One can easily extend this period to infinity. You should instead store the login time in a session variable and check this variable on each request. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session timeout
pete M wrote:
Am trying to increae the session lifetime to 8 hours ish
using this code
ini_set('session.gc_maxlifetime',28800);
does not work ?
any ideas
Pete
There are 3 conditions that must be met:
1. You must set it before session_start()
2. No other application can access your session storage. Other
applications could have shorter session lifetime, and the shortest would
apply for all other applications.
3. The session cookie must live long enough. The default lifetime for
session cookie is 0, that means untill the browser closes.
HTH
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session timeout
Hello Marek,
I had similar trouble with my PHP application. I used an .htaccess
file with the same line. But it still did not work. I guess I even tried
ini_set() function.
I have a question with this point :
2. No other application can access your session storage. Other
applications could have shorter session lifetime, and the shortest
would apply for all other applications.
Does it mean that the shortest session lifetime associated with an
application applies to all other applications in the domain ?
Has anyone been able to get the session_life to last atleast a couple
of hours // my appl logs the user out after about 30 mins
Thanks in advance
Pushpinder Singh
On Friday, April 16, 2004, at 08:54 AM, Marek Kilimajer wrote:
pete M wrote:
Am trying to increae the session lifetime to 8 hours ish
using this code
ini_set('session.gc_maxlifetime',28800);
does not work ?
any ideas
Pete
There are 3 conditions that must be met:
1. You must set it before session_start()
2. No other application can access your session storage. Other
applications could have shorter session lifetime, and the shortest
would apply for all other applications.
3. The session cookie must live long enough. The default lifetime for
session cookie is 0, that means untill the browser closes.
HTH
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session timeout
Friday, April 16, 2004, 4:35:30 PM, you wrote:
Hello Marek,
I had similar trouble with my PHP application. I used an .htaccess
file with the same line. But it still did not work. I guess I even tried
ini_set() function.
I have a question with this point :
I can only answer part of it:
2. No other application can access your session storage. Other
applications could have shorter session lifetime, and the shortest
would apply for all other applications.
If you have your own session_save_path('/my/session/path') and make
sure no other application writes to the same one those sessions are
'safe' and in theory cou can have any session timeout you want. (same
argument, rephrased)
Does it mean that the shortest session lifetime associated with an
application applies to all other applications in the domain ?
yes,
The reason for this is that the session garbage collector gets called
with a certain (configurable) probability that will remove any files
older than TTL in that directory - automagically invalidating any
session ids having been inactive - no file to validate against.
Has anyone been able to get the session_life to last atleast a couple
of hours // my appl logs the user out after about 30 mins
I can't confirm on having longer session timeouts as I didn't really
care / had the need to...
Thanks in advance
Pushpinder Singh
Richard
On Friday, April 16, 2004, at 08:54 AM, Marek Kilimajer wrote:
pete M wrote:
Am trying to increae the session lifetime to 8 hours ish
using this code
ini_set('session.gc_maxlifetime',28800);
does not work ?
any ideas
Pete
There are 3 conditions that must be met:
1. You must set it before session_start()
2. No other application can access your session storage. Other
applications could have shorter session lifetime, and the shortest
would apply for all other applications.
3. The session cookie must live long enough. The default lifetime for
session cookie is 0, that means untill the browser closes.
HTH
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session timeout
From: pete M [EMAIL PROTECTED] How do I set the session timeout - eg someone leaves a broweser for say half an hour then have to log in again.. As I'm on an intranet I want to increase ro 3 hours Exact method: Save the current time on each request in the session. On each request, check that time and if it's over 3 hours, then end the session / force them to log in again. Approx. Method: Look at the session.gc_maxlifetime setting in php.ini. This setting controlls when session files are cleaned up. If the files have not been accessed in gc_maxlifetime seconds when the garbage collection is initiated, then the file is deleted. Upon the next request, the session will be empty and the user should be forced to log in again. I say this is approx. because garbage collection is triggered on a random process based upon your requests. So files can run over the gc_maxlifetime setting sometimes if the collection isn't triggered. I just rely on this, though... it's close enough for government work. :) ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session timeout
pete M wrote: How do I set the session timeout - eg someone leaves a broweser for say half an hour then have to log in again.. As I'm on an intranet I want to increase ro 3 hours Pete increase the value of session.gc_maxlifetime (in seconds), session.cookie_lifetime should be still 0 (untill the browser is closed) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session timeout
From: [EMAIL PROTECTED] How do I set the session timeout - eg someone leaves a broweser for say half an hour then have to log in again.. As I'm on an intranet I want to increase ro 3 hours Pete, Change the default configuration of the option session.cookie_lifetime in the php.ini This won't help when the garbage collection deletes the session file after 24 minutes (default), though. Yeah, you'll have a valid session ID in a cookie for 3 hours, but no matching session file. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Timeout
Better solution would be to display your login form together with all
get and post variables in hidden fields. If the user logs in
sucessfully, your script can continue with processing the form data.
[EMAIL PROTECTED] wrote:
right of course, 1440 is only 24 minutes.
On Tuesday, October 28, 2003 6:46 PM wrote:
Hi there, i am experiencing a session timeout problem with one of my
projects. One of the users had left their machine for less than 15
mins,
maybe a bit more and it logged them out when posting data. This isnt
good
as they lost their data. I was wondering how i can dynamically set the
session timeout to try and prevent this.
Use ini_set() to alter the max lifetime of a session.
ini_set('session.gc_maxlifetime',n);
where n is the number of seconds you want to pass before the session is
expired. Default is 1440.
Cheers,
Pablo
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Timeout
On Tuesday, October 28, 2003 6:46 PM wrote:
Hi there, i am experiencing a session timeout problem with one of my
projects. One of the users had left their machine for less than 15
mins,
maybe a bit more and it logged them out when posting data. This isnt
good
as they lost their data. I was wondering how i can dynamically set the
session timeout to try and prevent this.
Use ini_set() to alter the max lifetime of a session.
ini_set('session.gc_maxlifetime',n);
where n is the number of seconds you want to pass before the session is
expired. Default is 1440.
Cheers,
Pablo
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Timeout
right of course, 1440 is only 24 minutes.
On Tuesday, October 28, 2003 6:46 PM wrote:
Hi there, i am experiencing a session timeout problem with one of my
projects. One of the users had left their machine for less than 15
mins,
maybe a bit more and it logged them out when posting data. This isnt
good
as they lost their data. I was wondering how i can dynamically set the
session timeout to try and prevent this.
Use ini_set() to alter the max lifetime of a session.
ini_set('session.gc_maxlifetime',n);
where n is the number of seconds you want to pass before the session is
expired. Default is 1440.
Cheers,
Pablo
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Timeout
Hi, Saturday, August 30, 2003, 1:55:02 PM, you wrote: SW From what I see, the default timeout for a session is 1440 seconds or SW 24 minutes. I was gone for nearly an hour, came back, and the session SW was still valid. Must the value set in the config file be different SW than 1440, or am I misunderstanding session.gc_maxlifetime? I'd like SW for the user to be required to log in if they've been inactive for 10 SW minutes, or if they closed the browser window and opened another one. SW Sorry for all the basic questions :) SW Seth Willits SW SW --- SW President and Head Developer of Freak Software - http://www.freaksw.com SW QA Columnist for REALbasic Developer Magazine - SW http://www.rbdeveloper.com SW Webmaster for REALbasic Game Central - http://www.freaksw.com/rbgames SW Not everything that can be counted counts, and not everything that SW counts SW can be counted. SW -- Albert Einstein SW SW --- The session timeout just sets the maximum time before the session data becomes valid for a garbage collect. If a garbage collect is not triggered the data is still valid as far as php is concerned. You have to implement your own timeout checks if you need exactly 24 minutes. You can do this by storeing the last accessed time in the $_SESSION array and check it on each start. I think by default garbage is collected 1 in every 100 hits. (1%) If it done on every hit it would start to impact performance on busy sites. -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Timeout
* Thus wrote Seth Willits ([EMAIL PROTECTED]):
From what I see, the default timeout for a session is 1440 seconds or
24 minutes. I was gone for nearly an hour, came back, and the session
was still valid. Must the value set in the config file be different
than 1440, or am I misunderstanding session.gc_maxlifetime? I'd like
for the user to be required to log in if they've been inactive for 10
minutes, or if they closed the browser window and opened another one.
The issue with the session still being around when your browser
closed then reopened has to with the ini setting:
session.cookie_lifetime
You want it to be 0, for it to expire as soon as the browser closes.
You might want to manage your lifetime of the session yourself,
like Tom Rogers suggested. This will also avoid issues with clock
settings on the client's computer. So a set up with something like
this:
php.ini:
session.cookie_lifetime = 0
file.php:
$lifetime = (60 * 10); // 10 minutes lifetime
session_start();
if (! empty($_SESSION['last_access']
$_SESSION['last_access'] = (time() + $lifetime) ) {
// Session has expired
$_SESSION = array(); // kill session
} else {
$_SESSION['last_access'] = time();
}
-OR-
if you're not worried about the client's clock being fast or slow:
php.ini:
session.cookie_lifetime = 10;
Curt
--
I used to think I was indecisive, but now I'm not so sure.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session timeout
look in php.ini py - Original Message - From: Frédéric Mériot [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 10, 2001 1:33 PM Subject: [PHP] Session timeout How to set the session timeout? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
