Results 1 to 15 of 15
Thread: my session never expire
-
04-12-2004, 03:58 AM #1WHT Addict
- Join Date
- Nov 2002
- Posts
- 101
my session never expire
Hi,
I have written an application that (supposed to) use session.
this is what`s at the header of each file:
session_cache_limiter('private');
session_cache_expire(30);
session_start();
when someone log in, I set the $_Session:
//the first_name comes from MySQL database.
$_SESSION['name']=$row['first_name'];
now, when I go back to the main page (index.php) there is the code:
if (isset($_SESSION['name']))
{
echo 'Hello, ',$_SESSION['name'],', and wellcome back.<br>';
}
else
{
echo 'Hello, Guest.<br>';
};
The problem is that after a user logged in, the session stays forever (untill someone else logs). I left it the whole night, and when I came back and refreshed (on 'index.php') I still got the $_SESSION['name'] with the last user that entered the system.
Do you know what`s wrong?
Tnx,
Scheiner
-
04-12-2004, 12:04 PM #2WHT Addict
- Join Date
- Dec 2003
- Posts
- 132
check the logout.php file...does it destroy the sesson?....
-
04-12-2004, 12:55 PM #3WHT Addict
- Join Date
- Nov 2002
- Posts
- 101
Originally posted by robertson
check the logout.php file...does it destroy the sesson?....
Scheiner
-
04-12-2004, 05:27 PM #4Newbie
- Join Date
- Mar 2003
- Location
- Austin, Texas USA
- Posts
- 14
You might want to try using the phpinfo() function and check your server's php.ini values for session.gc_maxlifetime and session.cookie_lifetime. You might want to try using PHP's ini_set() function to adjust these times: http://us2.php.net/manual/en/function.ini-set.php
If that does not work, you might want to consider saving the session login timestamp to a database and comparing the timestamp to the current time in each of your PHP pages. This will definitely add more overhead to your scripts than using PHP's session functions, but it would work as a last resort.Quality Web Hosting since 1996 backed by award-winning customer service.
http://www.webii.net - Web Hosting services
http://www.webxess.net - Web Development services
http://www.sitereserve.com - Domain Registration services
-
04-12-2004, 05:47 PM #5Retired Moderator
- Join Date
- Apr 2003
- Location
- London, UK
- Posts
- 4,721
you want to use:
PHP Code:ini_set('session.gc_maxlifetime',[1800]);
session_start():
edit: helps if i spell session correctly lolLast edited by Ash; 04-12-2004 at 05:53 PM.
Hyperconfused (™)
-
04-13-2004, 02:06 PM #6WHT Addict
- Join Date
- Nov 2002
- Posts
- 101
I tried it but it doesn`t work either :-(
This is what I`m writing in each header:
session_cache_limiter('private');
ini_set('session.gc_maxlifetime',"1800");
session_start();
However, when the User logs in, and then go back to the Index.php:
if (isset($_SESSION['name']))
{
echo 'Hello, ',$_SESSION['name'],', and wellcome back.<br>';
}
else
{
echo 'Hello, Guest.<br>';
};
No matter how much I wait on the page. when I`m refreshing it- it still remmember the name of the user last logged it.
Any ideas?
Tnx,
Scheiner
-
04-13-2004, 03:04 PM #7Newbie
- Join Date
- Mar 2003
- Location
- Austin, Texas USA
- Posts
- 14
I'm not sure why that isn't working, but you might want to try my second suggestion of writing the user's login time to your database and comparing the login time to the current time in order to determine whether the session has expired. There's an article here http://www.devarticles.com/c/a/MySQL...HP-Sessions/2/ that describes how to manage sessions using this method.
As I said previously, though, this will definitely add some overhead to your system since database connections are more expensive than using PHP sessions.Quality Web Hosting since 1996 backed by award-winning customer service.
http://www.webii.net - Web Hosting services
http://www.webxess.net - Web Development services
http://www.sitereserve.com - Domain Registration services
-
04-13-2004, 03:40 PM #8WHT Addict
- Join Date
- Nov 2002
- Posts
- 101
Something really weird happened: I changed the "session.gc_maxlifetime" to 4 (in all files) :
ini_set('session.gc_maxlifetime',"4");
now, when someone is loggin in, and then go back to the index.php, it looks like the session expired (it says "hello guest"). now if stay on the page change it back to:
ini_set('session.gc_maxlifetime',"180");
and then I do refresh to the index.php, it "recover" the old session (with the last user loged in profile!).
Can someone here solve the mystery?
scheiner
-
04-14-2004, 12:54 AM #9WHT Addict
- Join Date
- Jun 2003
- Posts
- 158
Are you sure you are not pulling the same row out of the database each time?
-
04-14-2004, 07:17 AM #10WHT Addict
- Join Date
- Nov 2002
- Posts
- 101
yes, I`m sure... I checked it as well- After loggin in, I am moving to a page that do not deal with the database; it gets the info only from the session.
scheiner
-
04-15-2004, 06:53 AM #11WHT Addict
- Join Date
- Jun 2003
- Posts
- 158
Have you tried testing the code on another webserver?
This would be the best way to diagnose the problem.
-
04-15-2004, 07:07 AM #12WHT Addict
- Join Date
- Nov 2002
- Posts
- 101
Actually I haven`t. it is still placed on my personal computer.
I will u/l it to my site and check it.
Tnx,
Scheiner
-
10-22-2004, 08:44 AM #13New Member
- Join Date
- Oct 2004
- Posts
- 1
Did you find a sollution for the problem?
I seem to have a simular problem.
-
10-22-2004, 02:17 PM #14Newbie
- Join Date
- Jul 2004
- Posts
- 23
As a temporary measure you could set an additional Session field to hold the "Last Activity" from the user (using time()). Each time the session is checked, the time difference could be checked server side...
It's not ideal, but it will do the job.
-
10-22-2004, 02:25 PM #15Newbie
- Join Date
- Dec 2003
- Location
- Tampa Area FL
- Posts
- 27
i believe your problem is that PHP calls its garbage collection function when a page is loaded. so if you dont have multiple users crawling across your site the garbage collection function is not called until you refresh your page. except that when you refresh your page your session is updated, meaning that your session is updated so when the garbage collection function is called your session is not old. closing your browser out and comming back to the site after the expire time should work though. a work around to this if you want to ensure that everyone times out after the 30 minute period would be to create a logout.php or something of the like with session_destroy(); then create a nice javascript timer that redirects them to logout.php after 30 mins.
just a suggestion hope it helpsErik S.
Developer / Owner