Jump to content

session question


Ninjakreborn

Recommended Posts

[quote]startup
session.cookie_lifetime  = 14400[/quote]
How do I set this to infinite.  I am creating myself an admin page, it'll only be me logging in, I am using sessions.  Even if someone hacks it, it won't be that big of a deal, it's mostly for testing purposes, and to make my site easier to update, and take care of when needed, since I don't normally have a lot of time to work on it, what do I set that to, to get infinite.
Link to comment
Share on other sites

You cannot do that. As the session is automatically destoryed when the user closes the browser, with or without a session.cookie_lifetime. If you are doing a login type system any you want the user to be logged in all the time, you'll want to setup a cookie which holds a special id to restart the sessions again whne the user returns.
Link to comment
Share on other sites

[code]As the session is automatically destoryed when the user closes the browser, with or without a session.cookie_lifetime.[/code]
That might sound logical, but run this test.  Set the area of php.ini I told you to
14400
That is 4 hours.
Now create your login page, your session calls
set like
$_SESSION['username'] = $username
or however you run your sessions, just create a regular login page.  Don't touch your ini file, close the browser, come back and you are logged out.  Now, go into your php.ini and change that line of code I showed above to 14400, which as I said was 4 hours.  Now go and upload it, go back to your site, login, and close the browser.  Come back and you are still logged in, for a time period of 4 hours, period, it uses a cookie, even when you have it to 0, it still set's  a cookie, with a session id on your server, unless you do custom session handling.  I can make a cookie stay for 4 hours, I can make one stay for 8, 16 42 hours, if I calculated the amount of itme, but I wanted to check to see if there was some text that makes it permanent.
Link to comment
Share on other sites

There is a way to prevent it from sending a cookie, but you have to set the session id's in  your url's and that by what I read is a security flaw, and is open to an easier form of attack.  when you set it to cookies(it's like that by default), then it automatically, pulls the session id from the cookie each visit, and invisibly strings the session id in the url, where you can't see it with your normal eye.
Link to comment
Share on other sites

I also found this

[code]session.cookie_lifetime integer
session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser. The value 0 means "until the browser is closed." Defaults to 0. See also session_get_cookie_params() and session_set_cookie_params(). [/code]
That was from php.net.
When that parameter is set to 0 A cookie is sent to the browser, and it passes the session id, using that cookie, when the browser is closed, then it destroyes the cookie, but it is indeed a cookie.  THen if you set the maxlifetime up to say an hour, it sends a cookie for one hour, the cookie is deleted after 1 hour, even if they are in the middle of something, I picked 4 hours as a decent range, but I am looking around to see if there is a permanent mode, to keep the cookie permanently active, passing it something other than a number.

Link to comment
Share on other sites

There is no setting to make a session stay live for infinity. Instead what you'll want to do is use make it expire after a year use 31536000 as the value. if you want it last longer than a year multiple that number by the number of years you want the session to stay alive for. However a year is ample. As I dought most users kep their cookies for long.
Link to comment
Share on other sites

ahh good idea, 1 year, I will do that, it's not for all users however only me, I will be the only one to ever login, it's just admin on my own site.  but 1 year, would be great, thanks, by the way for informational purposes, if you ever need to figure out how long, put down
1 year in second
or 10 hours in seconds
or something similar into google, and it calculates it for you.
The same with definitions
define: word
and other stuff, you can also calculate distances a little bit, if there not too far apart.
Link to comment
Share on other sites

You can easily work how many secounds are in a say 10 years by first working out how many secounds are in an hour, which is 3600 (60 (seconds in a minute) * 60 (minutes in an hour))
To get the numer of secounds in a day times 3600 by 24 which is 86400. Now times that by 365 days to get the total number of secounds in a year which is 31536000 secounds. Now times that by 10 to get the number of secounds in 10years.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.