Results 1 to 15 of 15
  1. #1

    my session never expire

    Hi,

    I have written an application that (supposed to) use session.

    this is what`s at the header of each file:

    session_cache_limiter('private');
    session_cache_expire(30);
    session_start();

    when someone log in, I set the $_Session:

    //the first_name comes from MySQL database.
    $_SESSION['name']=$row['first_name'];

    now, when I go back to the main page (index.php) there is the code:

    if (isset($_SESSION['name']))
    {
    echo 'Hello, ',$_SESSION['name'],', and wellcome back.<br>';
    }
    else
    {
    echo 'Hello, Guest.<br>';
    };


    The problem is that after a user logged in, the session stays forever (untill someone else logs). I left it the whole night, and when I came back and refreshed (on 'index.php') I still got the $_SESSION['name'] with the last user that entered the system.

    Do you know what`s wrong?
    Tnx,

    Scheiner

  2. #2
    check the logout.php file...does it destroy the sesson?....

  3. #3
    Originally posted by robertson
    check the logout.php file...does it destroy the sesson?....
    What is the logout.php file- is that something that I need to write? I just want the session to be expired after 30 minutes, without the user have to logout.

    Scheiner

  4. #4
    Join Date
    Mar 2003
    Location
    Austin, Texas USA
    Posts
    14
    You might want to try using the phpinfo() function and check your server's php.ini values for session.gc_maxlifetime and session.cookie_lifetime. You might want to try using PHP's ini_set() function to adjust these times: http://us2.php.net/manual/en/function.ini-set.php

    If that does not work, you might want to consider saving the session login timestamp to a database and comparing the timestamp to the current time in each of your PHP pages. This will definitely add more overhead to your scripts than using PHP's session functions, but it would work as a last resort.
    Quality Web Hosting since 1996 backed by award-winning customer service.
    http://www.webii.net - Web Hosting services
    http://www.webxess.net - Web Development services
    http://www.sitereserve.com - Domain Registration services

  5. #5
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    4,721
    you want to use:

    PHP Code:
    ini_set('session.gc_maxlifetime',[1800]);
    session_start(): 

    edit: helps if i spell session correctly lol
    Last edited by Ash; 04-12-2004 at 05:53 PM.
    Hyperconfused (™)

  6. #6
    I tried it but it doesn`t work either :-(

    This is what I`m writing in each header:

    session_cache_limiter('private');
    ini_set('session.gc_maxlifetime',"1800");
    session_start();

    However, when the User logs in, and then go back to the Index.php:

    if (isset($_SESSION['name']))
    {
    echo 'Hello, ',$_SESSION['name'],', and wellcome back.<br>';
    }
    else
    {
    echo 'Hello, Guest.<br>';
    };


    No matter how much I wait on the page. when I`m refreshing it- it still remmember the name of the user last logged it.

    Any ideas?

    Tnx,
    Scheiner

  7. #7
    Join Date
    Mar 2003
    Location
    Austin, Texas USA
    Posts
    14
    I'm not sure why that isn't working, but you might want to try my second suggestion of writing the user's login time to your database and comparing the login time to the current time in order to determine whether the session has expired. There's an article here http://www.devarticles.com/c/a/MySQL...HP-Sessions/2/ that describes how to manage sessions using this method.

    As I said previously, though, this will definitely add some overhead to your system since database connections are more expensive than using PHP sessions.
    Quality Web Hosting since 1996 backed by award-winning customer service.
    http://www.webii.net - Web Hosting services
    http://www.webxess.net - Web Development services
    http://www.sitereserve.com - Domain Registration services

  8. #8
    Something really weird happened: I changed the "session.gc_maxlifetime" to 4 (in all files) :

    ini_set('session.gc_maxlifetime',"4");

    now, when someone is loggin in, and then go back to the index.php, it looks like the session expired (it says "hello guest"). now if stay on the page change it back to:

    ini_set('session.gc_maxlifetime',"180");

    and then I do refresh to the index.php, it "recover" the old session (with the last user loged in profile!).

    Can someone here solve the mystery?

    scheiner

  9. #9
    Join Date
    Jun 2003
    Posts
    158
    Are you sure you are not pulling the same row out of the database each time?

  10. #10
    yes, I`m sure... I checked it as well- After loggin in, I am moving to a page that do not deal with the database; it gets the info only from the session.

    scheiner

  11. #11
    Join Date
    Jun 2003
    Posts
    158
    Have you tried testing the code on another webserver?
    This would be the best way to diagnose the problem.

  12. #12
    Actually I haven`t. it is still placed on my personal computer.

    I will u/l it to my site and check it.

    Tnx,
    Scheiner

  13. #13
    Did you find a sollution for the problem?
    I seem to have a simular problem.

  14. #14
    As a temporary measure you could set an additional Session field to hold the "Last Activity" from the user (using time()). Each time the session is checked, the time difference could be checked server side...

    It's not ideal, but it will do the job.

  15. #15
    Join Date
    Dec 2003
    Location
    Tampa Area FL
    Posts
    27
    i believe your problem is that PHP calls its garbage collection function when a page is loaded. so if you dont have multiple users crawling across your site the garbage collection function is not called until you refresh your page. except that when you refresh your page your session is updated, meaning that your session is updated so when the garbage collection function is called your session is not old. closing your browser out and comming back to the site after the expire time should work though. a work around to this if you want to ensure that everyone times out after the 30 minute period would be to create a logout.php or something of the like with session_destroy(); then create a nice javascript timer that redirects them to logout.php after 30 mins.

    just a suggestion hope it helps
    Erik S.
    Developer / Owner

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •