session question

[Ninjakreborn]

[quote]startup
session.cookie_lifetime  = 14400[/quote]
How do I set this to infinite.  I am creating myself an admin page, it'll only be me logging in, I am using sessions.  Even if someone hacks it, it won't be that big of a deal, it's mostly for testing purposes, and to make my site easier to update, and take care of when needed, since I don't normally have a lot of time to work on it, what do I set that to, to get infinite.

[wildteen88]

If want it to be infinitie I believe you can use 0 as the value

This will mean the session will stay alive until the user closes the browser.

[Ninjakreborn]

That's what I dislike, I moved it from 0 to the number I showed to give it a 4 hours time period.  I want it to stay active forever though, meaning not just 4 hours, not just 6 hours, but indefinitely.

[wildteen88]

You cannot do that. As the session is automatically destoryed when the user closes the browser, with or without a session.cookie_lifetime. If you are doing a login type system any you want the user to be logged in all the time, you'll want to setup a cookie which holds a special id to restart the sessions again whne the user returns.

[Ninjakreborn]

[code]As the session is automatically destoryed when the user closes the browser, with or without a session.cookie_lifetime.[/code]
That might sound logical, but run this test.  Set the area of php.ini I told you to
14400
That is 4 hours.
Now create your login page, your session calls
set like
$_SESSION['username'] = $username
or however you run your sessions, just create a regular login page.  Don't touch your ini file, close the browser, come back and you are logged out.  Now, go into your php.ini and change that line of code I showed above to 14400, which as I said was 4 hours.  Now go and upload it, go back to your site, login, and close the browser.  Come back and you are still logged in, for a time period of 4 hours, period, it uses a cookie, even when you have it to 0, it still set's  a cookie, with a session id on your server, unless you do custom session handling.  I can make a cookie stay for 4 hours, I can make one stay for 8, 16 42 hours, if I calculated the amount of itme, but I wanted to check to see if there was some text that makes it permanent.

[Ninjakreborn]

There is a way to prevent it from sending a cookie, but you have to set the session id's in  your url's and that by what I read is a security flaw, and is open to an easier form of attack.  when you set it to cookies(it's like that by default), then it automatically, pulls the session id from the cookie each visit, and invisibly strings the session id in the url, where you can't see it with your normal eye.

[Ninjakreborn]

I also found this

[code]session.cookie_lifetime integer
session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser. The value 0 means "until the browser is closed." Defaults to 0. See also session_get_cookie_params() and session_set_cookie_params(). [/code]
That was from php.net.
When that parameter is set to 0 A cookie is sent to the browser, and it passes the session id, using that cookie, when the browser is closed, then it destroyes the cookie, but it is indeed a cookie.  THen if you set the maxlifetime up to say an hour, it sends a cookie for one hour, the cookie is deleted after 1 hour, even if they are in the middle of something, I picked 4 hours as a decent range, but I am looking around to see if there is a permanent mode, to keep the cookie permanently active, passing it something other than a number.

[wildteen88]

There is no setting to make a session stay live for infinity. Instead what you'll want to do is use make it expire after a year use 31536000 as the value. if you want it last longer than a year multiple that number by the number of years you want the session to stay alive for. However a year is ample. As I dought most users kep their cookies for long.

[Ninjakreborn]

ahh good idea, 1 year, I will do that, it's not for all users however only me, I will be the only one to ever login, it's just admin on my own site.  but 1 year, would be great, thanks, by the way for informational purposes, if you ever need to figure out how long, put down
1 year in second
or 10 hours in seconds
or something similar into google, and it calculates it for you.
The same with definitions
define: word
and other stuff, you can also calculate distances a little bit, if there not too far apart.

[wildteen88]

You can easily work how many secounds are in a say 10 years by first working out how many secounds are in an hour, which is 3600 (60 (seconds in a minute) * 60 (minutes in an hour))
To get the numer of secounds in a day times 3600 by 24 which is 86400. Now times that by 365 days to get the total number of secounds in a year which is 31536000 secounds. Now times that by 10 to get the number of secounds in 10years.

[Ninjakreborn]

Is there a maximum amount of seconds you can set that too though?

[wildteen88]

As far as I can see there is no limit.

[Ninjakreborn]

thanks.