
[SOLVED] Why is my session not timing out?


pneudralics


Because session_start() will start a session.

Your protected pages should check for a value within the session and redirect if not found.

i.e.

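// check that the customerId value is set in the session
// (isset() first, so a missing key does not raise an undefined-index warning)
if (!isset($_SESSION['customerId']) || !is_numeric($_SESSION['customerId'])) {
    header("Location: login.php");
    exit();
}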


The only purpose of session garbage collection is to delete old session data files. Garbage collection runs randomly, so the session data files randomly exist a long time after they are older than the session.gc_maxlifetime value. You should not rely on session garbage collection for any functional purpose in your application.

 

If you want something in your application to test if the last access time was greater than a value you pick, you must store the time of the last access and then check on each new access if that time is farther in the past than the value you pick and take appropriate action in your code if it is.


session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up. Garbage collection occurs during session start.

From: http://us2.php.net/manual/en/session.configuration.php

 

It does not time sessions out. That has nothing to do with session timeout.

 

This is what you want:

  session.cookie_lifetime  integer

    session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser. The value 0 means "until the browser is closed." Defaults to 0. See also session_get_cookie_params and session_set_cookie_params

 

From the same page above.


Example for doing this in the code:

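<?php
session_start();
// On the first request there is no last_access yet; treat it as "now"
$last = isset($_SESSION['last_access']) ? $_SESSION['last_access'] : time();
// Record this access for the next request
$_SESSION['last_access'] = time();
if ((time() - $last) > 5) {
    // more than 5 seconds since the previous request
    die("Session timed out");
} else {
    die("Good, you refreshed before 5 seconds");
}
?>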

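The last-access check described in the posts above, written out as a guard that also ends the session on the server instead of waiting for garbage collection. This is an added example, not code from any poster in the thread; it assumes PHP 7 or later and that login.php sets both $_SESSION['customerId'] and $_SESSION['last_access'] at login, and the IDLE_LIMIT value and the session_is_stale() name are illustrative.

```php
<?php
// Added example. Assumes PHP 7+, and that login.php stores both
// $_SESSION['customerId'] and $_SESSION['last_access'] = time() at login.
const IDLE_LIMIT = 900; // allowed inactivity in seconds (illustrative value)

// Hypothetical helper: true when the session must not be honoured.
// Takes a plain array so it can be checked without a live session.
function session_is_stale(array $session, int $now, int $limit): bool
{
    // Same test as the protected-page check: no customer id, no access.
    if (!isset($session['customerId']) || !is_numeric($session['customerId'])) {
        return true;
    }
    // A missing or non-integer timestamp is treated as expired, not as fresh.
    $last = $session['last_access'] ?? null;
    if (!is_int($last)) {
        return true;
    }
    return ($now - $last) > $limit;
}

session_start();

if (session_is_stale($_SESSION, time(), IDLE_LIMIT)) {
    // End the session now; garbage collection may not remove the data file
    // for a long time, and the browser may keep sending the old cookie.
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
    header('Location: login.php');
    exit();
}

// Still active: slide the window forward for the next request.
$_SESSION['last_access'] = time();
```

Include it at the top of every protected page before any output is sent, since header() and setcookie() only work before the response body starts.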

This is what you want:

  session.cookie_lifetime  integer

    session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser. The value 0 means "until the browser is closed." Defaults to 0. See also session_get_cookie_params and session_set_cookie_params

 

From the same page above.

 

Set the timeout to be however long you want, a year, a day etc.

