Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

PHP session time

  • 17-10-2006 11:05PM
    #1
    Peter B
    Registered Users, Registered Users 2 Posts: 1,086 ✭✭✭


    I have to lengthen my PHP session variables.

    My users keep getting logged out way too early, 3-5 minutes. I need to increase their session time to 1 hour +.

    Anyone know how?

    My session.cache_expire is 180.


Comments

  • #2
    realblackstuff
    Closed Accounts Posts: 80 ✭✭realblackstuff


    That 180 means 180 minutes = 3 hours!
    Maybe this page is of help?
    http://www.zend.com/manual/ref.session.php


  • #3
    Adam
    Closed Accounts Posts: 8,866 ✭✭✭Adam


    If they're getting logged out that quickly one would assume you have problems maintaining the session across the site? Is there a specific point at which your users are losing the sessions?


  • #4
    Peter B
    Registered Users, Registered Users 2 Posts: 1,086 ✭✭✭Peter B


    No I'm quite sure it is not due to sessions being lost on 1/more of the pages on my site.

    After doing some more research on it I realise my session.gc_maxlifetime is set to 1440. This would mean 24 minutes. Hmmm because I am constantly logging in and out with different users / browser windows, maybe my timeout time of 3-5 minutes is incorrect. A user who constantly needs their account logged in told me they have to re-login often (not sure of exact timeframe). Should I use cookies or refreshes to maintain the session life or just alter the session.gc_maxlifetime?

    Thanks


  • #5
    Adam
    Closed Accounts Posts: 8,866 ✭✭✭Adam


    session.gc_maxlifetime specifies the amount of time in seconds that data will remain usable, after which it is scrapped. However the clean-up only occurs on a session_start() I believe, so if you're not opening a new session on all your pages it shouldn't be a problem.

    Using particularly long sessions is never recommended as far as I know, for security reasons. I guess if you have users that want to remain logged in 24/7 then cookies is the way to go. I would be sure to put a note somewhere during registration that the site requires cookies to operate though, and even at that you will find some customers wont know what a cookie is or how to allow them etc.

    Its all pro's and con's, depends on the individual.


  • #6
    Peter B
    Registered Users, Registered Users 2 Posts: 1,086 ✭✭✭Peter B


    fade_to_grey wrote:
    session.gc_maxlifetime specifies the amount of time in seconds that data will remain usable, after which it is scrapped. However the clean-up only occurs on a session_start() I believe, so if you're not opening a new session on all your pages it shouldn't be a problem.


    I am using the session_start() function on all of my pages. I thought this would not open a new session but allow you to acces variables from your already open session? If I don't call it I don't think I can open the $_SESSION which would mean I would not be able to display user information on a page.


  • Advertisement
  • #7
    Gosh
    Registered Users, Registered Users 2 Posts: 684 ✭✭✭Gosh


    In order to use PHP sessions cookies have to be enabled on the client side, the PHP session ID is held in a cookie called PHPSESSID. If cookies are not enabled on the client browser then PHP sessions can't work - one way to get around this is to pass the PHP session ID as part of the URL - this has security implications.


Advertisement