[SOLVED] Why is my session not timing out?


pneudralics

Because session_start() will start a session.

Your protected pages should check for a value within the session and redirect if not found.

i.e.

// check that the customerId value is set in the session
if (!isset($_SESSION['customerId']) || !is_numeric($_SESSION['customerId'])) {
  header("Location: login.php");
  exit();
}

The only purpose of session garbage collection is to delete old session data files. Garbage collection runs randomly, so the session data files randomly exist a long time after they are older than the session.gc_maxlifetime value. You should not rely on session garbage collection for any functional purpose in your application.

 

If you want something in your application to test if the last access time was greater than a value you pick, you must store the time of the last access and then check on each new access if that time is farther in the past than the value you pick and take appropriate action in your code if it is.

session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up. Garbage collection occurs during session start.

From: http://us2.php.net/manual/en/session.configuration.php

 

It does not time sessions out. That has nothing to do with session timeout.

 

This is what you want:

  session.cookie_lifetime  integer

    session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser. The value 0 means "until the browser is closed." Defaults to 0. See also session_get_cookie_params and session_set_cookie_params

 

From the same page above.

Example for doing this in the code:

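<?php
session_start();
// On the first request there is no stored time yet, so start the clock now
if (!isset($_SESSION['last_access'])) {
    $_SESSION['last_access'] = time();
}
// Compare the stored last-access time with the 5 second limit
if ((time() - $_SESSION['last_access']) > 5) {
    $_SESSION['last_access'] = time();
    die("Session timed out");
} else {
    $_SESSION['last_access'] = time();
    die("Good, you refreshed before 5 seconds");
}
?>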

This is what you want:

  session.cookie_lifetime  integer

    session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser. The value 0 means "until the browser is closed." Defaults to 0. See also session_get_cookie_params and session_set_cookie_params

 

From the same page above.

 

Set the timeout to be however long you want, a year, a day etc.
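
Pulling the thread's advice together, as an added example that is not part of the original posts: the last access time is stored in the session, checked on every request, and the session is destroyed in code when a limit is exceeded instead of waiting for session.gc_maxlifetime. The limit values, the 'created' key and check_session_age() are assumptions; login.php and customerId come from the snippets above.

```php
<?php
// Added example: idle and absolute session timeouts enforced in application code.
// IDLE_LIMIT, ABSOLUTE_LIMIT, 'created' and check_session_age() are assumed names.
const IDLE_LIMIT = 900;        // seconds of inactivity allowed (assumed value)
const ABSOLUTE_LIMIT = 28800;  // maximum total session age in seconds (assumed value)

// Returns 'new', 'active', 'idle_expired' or 'absolute_expired'.
function check_session_age(array $session, int $now): string
{
    if (!isset($session['created'], $session['last_access'])) {
        return 'new';                    // first request: nothing to compare yet
    }
    if ($now - $session['created'] > ABSOLUTE_LIMIT) {
        return 'absolute_expired';       // too old, however active it has been
    }
    if ($now - $session['last_access'] > IDLE_LIMIT) {
        return 'idle_expired';           // no request within the idle window
    }
    return 'active';
}

session_start();
$now = time();
$state = check_session_age($_SESSION, $now);

if ($state === 'idle_expired' || $state === 'absolute_expired') {
    // Expire now: clear the data, expire the cookie, delete the data file.
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', $now - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
    header('Location: login.php');
    exit();
}

if ($state === 'new') {
    $_SESSION['created'] = $now;
}
$_SESSION['last_access'] = $now;

// Same check as the protected-page snippet in the thread: a login must exist.
if (!isset($_SESSION['customerId']) || !is_numeric($_SESSION['customerId'])) {
    header('Location: login.php');
    exit();
}
```

Include this at the top of every protected page, before any output is sent, so the header() and setcookie() calls can still take effect.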

Archived

This topic is now archived and is closed to further replies.
