Jump to content

Extending PHP session timeout

Prodigal Son

By Prodigal Son
in PHP Coding Help

 Share

Recommended Posts

premiso Regular Member

premiso

Posted
Posted 

ini_set("session.gc_maxlifetime", 3600);

 

This assumes you are allowed to use ini_set. and the $timeout you were setting it to I do not think was accurate.

 

To check use ini_get and see.

Used ini_get and it printed out 3600. But the session still doesn't last an hour.

 

I would define that in the .htaccess file instead of ini_set to be honest.

Link to comment
Share on other sites
Prodigal Son Member

Prodigal Son

Posted
  • Author
Posted

Hmm, I noticed something weird happening. After I use ini_set to change the session timeout, it makes the timeouts random it seems. For example, before when I had my default session timeout at 24 minutes, everytime the session would expire at that time. But now it can expire at random times, sometimes it can last up to half an hour or so, sometimes the session dies in even 1-2 minutes. I have googled this and found someone had the same problem, but never got an answer.

 

I tested with almost a blank page to make sure it wasn't some other code interfering, but the same still happens. Anyone have a similar experience?

Link to comment
Share on other sites
premiso Regular Member

premiso

Posted
Posted

Are you on shared hosting or a dedicated server?

Shared. Could that be the problem?

 

Very well. Shared hosting is very unsecure and chances are you do not have alot of permissions on it. Thus you cannot set your own timeouts cause you cannot access the php.ini and probably cannot use the ini_set feature either. I bet the .htaccess version is also blocked for "Security" reasons by your host.

 

Glad I have a dedicated server =)

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

 

 

When the session data files are stored in the default folder, the shortest session.gc_maxlifetime setting of all the scripts running on that server is what wins. Someone probably has set it to a short value in order to cause sessions to end to log someone out instead of correctly coding their application to handle the log out in the application.

 

You should set the session.save_path to be to a private folder that is within your account's folder tree. The best place for a folder to hold the session data files is in a folder that is outside of your document root folder (closer to the root of the disk). If you are not able to create a folder at that point in the folder tree, you will need to create a folder inside your document root folder and you will need to add a .htaccess file in it to prevent access to all http requests so that someone that guesses the folder name cannot attempt to access the session data files.

Link to comment
Share on other sites
redarrow Advanced Member

redarrow

Posted
Posted

PFMaBiSmAd be nice if u gave a full description on ur findings for us all.

 

I do understand your explanation but a written example be nice for me to print out for reference.

 

Thank u for pointing out this cheers m8.

 

Only if u got time once agin thank you nice info.

 

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.