Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

PHP session time

Options
  • 17-10-2006 11:05pm
    #1
    Peter B
    Registered Users Posts: 1,086 ✭✭✭


    I have to lengthen my PHP session variables.

    My users keep getting logged out way too early, 3-5 minutes. I need to increase their session time to 1 hour +.

    Anyone know how?

    My session.cache_expire is 180.


Comments

  • Options
    #2
    realblackstuff
    Closed Accounts Posts: 80 ✭✭realblackstuff


    That 180 means 180 minutes = 3 hours!
    Maybe this page is of help?
    http://www.zend.com/manual/ref.session.php


  • Options
    #3
    Adam
    Closed Accounts Posts: 8,866 ✭✭✭Adam


    If they're getting logged out that quickly one would assume you have problems maintaining the session across the site? Is there a specific point at which your users are losing the sessions?


  • Options
    #4
    Peter B
    Registered Users Posts: 1,086 ✭✭✭Peter B


    No I'm quite sure it is not due to sessions being lost on 1/more of the pages on my site.

    After doing some more research on it I realise my session.gc_maxlifetime is set to 1440. This would mean 24 minutes. Hmmm because I am constantly logging in and out with different users / browser windows, maybe my timeout time of 3-5 minutes is incorrect. A user who constantly needs their account logged in told me they have to re-login often (not sure of exact timeframe). Should I use cookies or refreshes to maintain the session life or just alter the session.gc_maxlifetime?

    Thanks


  • Options
    #5
    Adam
    Closed Accounts Posts: 8,866 ✭✭✭Adam


    session.gc_maxlifetime specifies the amount of time in seconds that data will remain usable, after which it is scrapped. However the clean-up only occurs on a session_start() I believe, so if you're not opening a new session on all your pages it shouldn't be a problem.

    Using particularly long sessions is never recommended as far as I know, for security reasons. I guess if you have users that want to remain logged in 24/7 then cookies is the way to go. I would be sure to put a note somewhere during registration that the site requires cookies to operate though, and even at that you will find some customers wont know what a cookie is or how to allow them etc.

    Its all pro's and con's, depends on the individual.


  • Options
    #6
    Peter B
    Registered Users Posts: 1,086 ✭✭✭Peter B


    fade_to_grey wrote:
    session.gc_maxlifetime specifies the amount of time in seconds that data will remain usable, after which it is scrapped. However the clean-up only occurs on a session_start() I believe, so if you're not opening a new session on all your pages it shouldn't be a problem.


    I am using the session_start() function on all of my pages. I thought this would not open a new session but allow you to acces variables from your already open session? If I don't call it I don't think I can open the $_SESSION which would mean I would not be able to display user information on a page.


  • Advertisement
  • Options
    #7
    Gosh
    Registered Users Posts: 683 ✭✭✭Gosh


    In order to use PHP sessions cookies have to be enabled on the client side, the PHP session ID is held in a cookie called PHPSESSID. If cookies are not enabled on the client browser then PHP sessions can't work - one way to get around this is to pass the PHP session ID as part of the URL - this has security implications.


Advertisement