I've been making some modifications on an application that uses PHP
sessions for authentication. Our client wants sessions to time out
after six hours of inactivity, and I'm wondering if there's an easy way
to do that by configuring PHP.
session.cookie_lifetime
sets the lifetime of the session cookie -- however, it appears that
the cookie gets set once on session start, so this would cause the
session to last six hours after it begins. It's not so clear to me
exactly what
session.gc_maxlifetime
does, but with a default value of 1440 seconds, I'd think that my
sessions would be expiring a lot more quickly than they are if that was
setting a timeout.
I can certainly hack the code to do something like
$now=time();
if(isset($_SESSION["timestamp"])) {
... dump session if now-timestamp > limit ...
}
$_SESSION["timestamp"]=$now;
but I'm wondering if there's a more natural way to do it.
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
