Sessions - Ini settings and timeout

  #1 (permalink)  
Old 10-17-2007
Holografix
Default Sessions - Ini settings and timeout

I have some questions about sessions timeout and sessions ini settings.

In php.ini I have session.gc_maxlifetime = 30 (for testing purposes only),
session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch these
values)

I have two simple pages


page1.php
---------
<?php
session_start();
// store a value so page2.php can tell whether the session survived
$_SESSION["test"] = "TEST";
?>
<a href="page2.php">test timeout</a>


page2.php
=========
<?php
session_start();
if (!isset($_SESSION["test"])) {
    echo "no session"; die();
}
print_r($_SESSION);


I open page1.php in the browser and only click on the link after waiting
more than 30 seconds (session.gc_maxlifetime).
After this period what should happen with $_SESSION["test"] in page2.php?

In php, session.gc_maxlifetime: ; After this number of seconds, stored data
will be seen as 'garbage' and
; cleaned up by the garbage collection process.

I need to understand this and get a way to automatically log out a user after n
minutes of inactivity.

My environment:
Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql 5.4.5


Best regards
holo
  #2 (permalink)  
Old 10-17-2007
Zoltán Németh
Default Re: [PHP] Sessions - Ini settings and timeout

On Wednesday, 2007-10-17, at 11:58, Holografix wrote:
> I have some questions about sessions timeout and sessions ini settings.
>
> In php.ini I have session.gc_maxlifetime = 30 (for testing purpose only) ,
> session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch this
> values)
>
> I have two simple pages
>
>
> page1.php
> ---------
> session_start();
> $_SESSION["test"] = "TEST";
> <a href="page2.php">test timeout</a>
>
>
> page2.php
> =========
> session_start();
> if (!isset($_SESSION["test"]) ) {
> echo "no session"; die();
> }
> print_r($_SESSION);
>
>
> I open page1.php in the browser and only click in the link after waiting
> more than 30 seconds (session.gc_maxlifetime).
> After this period what should happen with $_SESSION["test"] in page2.php?
>
> In php, session.gc_maxlifetime: ; After this number of seconds, stored data
> will be seen as 'garbage' and
> ; cleaned up by the garbage collection process.
>
> I need to understand this and get a way to automaticly logout a user after n
> minutes of inactivity.


session.gc_maxlifetime is not what you are looking for. it works like at
every request there is a 1/100 chance
(session.gc_probability/session.gc_divisor) that the garbage collector
will run. if it runs, and finds session data older than
session.gc_maxlifetime, that is cleaned up.

in order to achieve what you want you should store a 'last action'
timestamp or something like that in the session, and upon each request
check how many seconds passed since that timestamp and decide session
validity based on that. eg:

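session_start();
$max_lifetime = 30 * 60; // allowed inactivity in seconds (example value)
// elapsed time is "now minus last action"; the isset() check covers the first request
if (isset($_SESSION['last_action_timestamp'])
    && time() - $_SESSION['last_action_timestamp'] > $max_lifetime)
{
    // session expired
}
else
{
    $_SESSION['last_action_timestamp'] = time();
}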

greets
Zoltán Németh

>
> My environment:
> Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql 5.4.5
>
>
> Best regards
> holo
>

  #3 (permalink)  
Old 10-17-2007
Holografix
Default Re: [PHP] Sessions - Ini settings and timeout

Many thanks Zoltán.

It's clear now
One more thing: session.cookie_lifetime defaults to 0 (until browser is
closed).
If I set session.cookie_lifetime to 60, can I look for
$_SESSION[session_name()] in every request?

best regards
holo


  #4 (permalink)  
Old 10-17-2007
Casey
Default Re: [PHP] Sessions - Ini settings and timeout

You could set $_SESSION['lasttime'] to time() and check it on every
page.



  #5 (permalink)  
Old 10-18-2007
Zoltán Németh
Default Re: [PHP] Sessions - Ini settings and timeout

On Wednesday, 2007-10-17, at 15:10, Holografix wrote:
> Many thanks Zoltán.
>
> It's clear now
> One more thing: session.cookie_lifetime defaults to 0 (until browser is
> closed).
> if setting session.cookie_lifetime to 60 can I look for
> $_SESSION[session_name()] in every request ?


why $_SESSION[session_name()]?
I never bother with session_name and stuff like that, just put whatever
I want to store in $_SESSION and voila it's there :)

about session.cookie_lifetime: if the cookie expires on the client
computer, the browser would not send it, so the server side would not
receive the session ID, so the session data would be lost. that's good
in some cases, but if you leave cookie_lifetime at its default, cookies
expire when the browser is closed. that, combined with a lasttime value
stored in the session, should be enough.

greets
Zoltán Németh
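
An added example, not part of the original posts: one way to enforce the inactivity timeout discussed in this thread (the last-action timestamp from post #2 together with the default cookie lifetime from post #5), assuming PHP 7.3 or later. The constant MAX_IDLE_SECONDS, the function enforce_idle_timeout() and the login.php redirect target are illustrative names.

```php
<?php
// Added example, not from the thread. Assumes PHP 7.3+.
// MAX_IDLE_SECONDS, enforce_idle_timeout() and login.php are illustrative.

const MAX_IDLE_SECONDS = 900; // 15 minutes of inactivity (example value)

/**
 * Returns true while the session is within the idle limit (and refreshes the
 * timestamp); returns false after destroying a session that idled too long.
 */
function enforce_idle_timeout(int $maxIdle, ?int $now = null): bool
{
    $now  = $now ?? time();
    $last = $_SESSION['last_action_timestamp'] ?? null;

    // Elapsed idle time is "now minus last action".
    if (is_int($last) && ($now - $last) > $maxIdle) {
        $_SESSION = [];                       // drop the data for this request
        if (ini_get('session.use_cookies')) { // expire the cookie in the browser
            $p = session_get_cookie_params();
            setcookie(session_name(), '', $now - 42000,
                $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        }
        session_destroy();                    // delete the stored session data
        return false;
    }

    // First request, or still active: this request becomes the last action.
    $_SESSION['last_action_timestamp'] = $now;
    return true;
}

// Keep stored data at least as long as the idle limit, so that the check
// above, not the probabilistic garbage collector, decides when a session ends.
ini_set('session.gc_maxlifetime', (string) (MAX_IDLE_SECONDS + 60));

// lifetime 0: the cookie lasts until the browser is closed (the default).
session_set_cookie_params(['lifetime' => 0, 'httponly' => true, 'samesite' => 'Lax']);
session_start();

if (!enforce_idle_timeout(MAX_IDLE_SECONDS)) {
    header('Location: login.php?reason=timeout');
    exit;
}
```

The check runs on every request before any output is sent, so the expiry cookie and the redirect header can still be emitted.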

  #6 (permalink)  
Old 10-18-2007
Holografix
Default Re: [PHP] Sessions - Ini settings and timeout

Many thanks again Zoltán.
It's working nice now.

Best regards
holo


  #7 (permalink)  
Old 10-18-2007
Holografix
Default Re: [PHP] Sessions - Ini settings and timeout

Hi.
Thank you very much Casey. I followed this suggestion as Zoltán also
suggested and it's working nice.

Best regards,
holo
