extend session timer by using htaccess file

[drumhrd]

Hello all.  I have a web form where my users will be uploading very large files.  I do not want to time out the session during this so I want to extend the session.  I have read several places that a simple .htaccess will do the trick.

 

I added the php_value entries to my existing .htaccess file as below

 

Options +FollowSymlinks
php_value session.cookie_maxlifetime 86400
php_value session.gc_maxlifetime 86400
php_value session.save_path /var/www/sessions

<IfModule mod_rewrite.c>
RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} s
RewriteRule ^(.*)$ https://www.artists2you.com/s/$1 [R,L]
</IfModule>

 

 

my issue is that these options do not seem to be taking affect.  I view phpinfo(); and these items are not changed.  I set the timers really short, like 60 seconds to see if my sessions would clear..but they didn't.

 

So am I doing something wrong here?  Please help

 

thanks!!!!!!!

[PFMaBiSmAd]

It is likely that the web server is setup to prevent you from overridding settings in a .htaccess file.  There needs to be an appropriate Apache AllowOverride setting in order for you to be able change settings through a .htaccess file.

 

Any instructions stating you can put php settings into a .htaccess file when php is running as an Apache Module, come with an implied "and your web host permits it."

[drumhrd]

ok well..I went into my default-ssl and set AllowOverride all

 

 

but now I loose my session between my HTTP and HTTPS.

 

I attempted to set my 000-default to set AllowOverride all..but now I get a 500 internal server error

[PFMaBiSmAd]

but now I loose my session between my HTTP and HTTPS.

That's correct. That's because browsers don't pass any cookies back and forth between HTTP and HTTPS protocols. They maintain separate cookie caches to prevent the HTTPS session from being hijacked once it has been accessed through HTTP. If you have something important enough to use HTTPS, you need to establish the session using HTTPS.

 

I attempted to set my 000-default to set AllowOverride all..but now I get a 500 internal server error

You would need to post the actual settings for someone to help with them. Also, examine you web server error log for more information about what is causing the error.

 

Also, is php actually running as an Apache Module or is it running as a CGI application?

[drumhrd]

ok so maybe there is a better way to do what I need????

 

basically..when a user hits this download site I need to extend the session WAY out because they will be uploading very large files. 

[PFMaBiSmAd]

A session consists of the session id from the browser and the matching session data files on the server. To prevent the session data files from being deleted on the server you must set session.gc_maxlifetime to a longer value.

 

You apparently have root access to your web server. Why not just change that value in the master php.ini?

[drumhrd]

this is my lab server..I am trying to make a hosting friendly option.

[PFMaBiSmAd]

I am trying to make a hosting friendly option.

.htaccess files are specific to Apache and php settings can only be put into a .htaccess file when php is running as an Apache Module and as you found out, only when the web host has permitted php settings to be changed using a .htaccess file.

 

A local php.ini is specific to php running as a CGI application and only when the web host has permitted php settings to be changed using a local php.ini

 

The only universal solution for the session.gc_maxlifetime setting is to put it into the code before every session_start() statement. You would also need to set the session.save_path before every session_start() so that it points to a private folder so that only your session settings apply to your session data files.

[drumhrd]

how do I go about adding that to my code since every page has a session_start();  I think that is probably the best way to go

[PFMaBiSmAd]

Most applications include/require a configuration file and any functions/classes as the first thing they do. You would put any global application settings like session.gc_maxlifetime and session.save_path into an "initialization" function and call that before the session_start() statement.