Making a session expire problem... *SOLVED*

[pocobueno1388]

I am trying to make it so that if a user on my site is not active for 30 minutes, it will automatically log them out.
I tried using [tt]session.gc_maxlifetime[/tt]. So either it doesn't work, or I am not using it correcty.

If somone could show me how to use it, or what I could use instead, please let me know. Also, it would be helpful if you could just add it to this code, because I don't know where to put it.

[code]session_start();
$sid=$_SESSION['playerid'];[/code]

Thanks XD

[Woolf]

Well, there are a couple of ways to do this. I'm going to suggest the easiest way first, however, it is up to you how you use it.

Your idea of using 'session.gc_maxlifetime' is correct, however, how are you setting it? Here's how it should be done. At the top of your script(s) file, enter the following line:
[i]ini_set('session.gc_maxlifetime', '1800');[/i]

ini_set lets the PHP script know that we're setting a variable to override the default variable as set in your hosts' php.ini file. 'session.gc_maxlifetime' is the name of the variable you're overriding, in this case it's the time of which a session should last. The '1800' is the time (in seconds) in which the session should last.


An alternative way, if the first way does not work, is to set a session called 'last_active' on every page. The value should contain the current time. Then, on each page, you can grab the last_active session and compare it with the current time. If the last_active session is more than thirty minutes, you can destroy the session with session_destroy().

If you're going to use the alternative way, let me know... I'll explain it in more detail.

[pocobueno1388]

Tell me if there is anything wrong with the code now that I added what you told me too.

[code]
<?php

include "config.php";

ini_set('session.gc_maxlifetime', '5');

session_start(); // Maintainsessionstate


$sid=$_SESSION['playerid'];

if(empty($sid)){

print "You must be logged in to view this page. <a

href='index.php'>Login here.</a>";
exit;
}
$ip = "$HTTP_SERVER_VARS[REMOTE_ADDR]";
mysql_query("update players set ip='$ip', last_login=NOW()

where playerID='$sid'");

?>

[/code]

this is just the top part of my header.php script. It is called on every page with an 'include'.

[code]
ini_set('session.gc_maxlifetime', '5');[/code] Isn't seeming to effect anything. I set it to '5' just to test it...but it's not working. Any suggestions?

[Woolf]

I'm not sure it would make a difference, but you may want to try putting the ini_set... before the config.php include. Let me know if that does/doesn't work.

[pocobueno1388]

You don't think the '5' will make a difference?

It still won't work, here is the code now:
[code]
<?php


ini_set('session.gc_maxlifetime', '5');

include "config.php";

session_start(); // Maintainsessionstate

$sid=$_SESSION['playerid'];

if(empty($sid)){

print "You must be logged in to view this page. <a

href='index.php'>Login here.</a>";
exit;
}
$ip = "$HTTP_SERVER_VARS[REMOTE_ADDR]";
mysql_query("update players set ip='$ip', last_login=NOW()

where playerID='$sid'");

?>
[/code]

If the '5' doesn't make a difference, am I just going to have to wait the 1800 seconds to find out if it works?

[Woolf]

Sorry, I meant that I didn't think it would make a difference where the ini_set was, not the five.

Anyway, I looked it up and gc_maxlifetime is not what you're looking for. And after thinking it through, it probably wouldn't work the way you would expect anyway.


Anyway, let's try this.

[code]<?php


include "config.php";

session_start(); // Maintainsessionstate

//No session set (first time user visited)
if(!isset($_SESSION['last_active'])){
//Set the Session
$_SESSION['last_active'] = time();
}

//Session set, but user not active for more than thirty minutes
elseif($_SESSION['last_active'] < time()-1800){
print "Your session timed out.";
exit;
}

//Session set, and the user has been active for under thirty minutes
elseif($_SESSION['last_active'] >= time()-1800){
//Update session with current time
$_SESSION['last_active'] = time();
}


$sid=$_SESSION['playerid'];

if(empty($sid)){

print "You must be logged in to view this page. <a

href='index.php'>Login here.</a>";
exit;
}
$ip = "$HTTP_SERVER_VARS[REMOTE_ADDR]";
mysql_query("update players set ip='$ip', last_login=NOW()

where playerID='$sid'");

?>[/code]

That should, in theory, work. Let me know how it goes.

[pocobueno1388]

That would work great, but there is one problem. I set it to expire in 10 seconds, and it worked. But then I tried to log in again, and it said that my session was expired. So it isn't reseting or something...how do I fix this?

By the way, thank you sooo much for your help XD

[Woolf]

Silly me! I forgot to destroy the session. Here,

[code]<?php


include "config.php";

session_start(); // Maintainsessionstate

//No session set (first time user visited)
if(!isset($_SESSION['last_active'])){
//Set the Session
$_SESSION['last_active'] = time();
}

//Session set, but user not active for more than thirty minutes
elseif($_SESSION['last_active'] < time()-1800){
print "Your session timed out.";

//Destroy the session
$_SESSION['last_active'] = '';
exit;
}

//Session set, and the user has been active for under thirty minutes
elseif($_SESSION['last_active'] >= time()-1800){
//Update session with current time
$_SESSION['last_active'] = time();
}


$sid=$_SESSION['playerid'];

if(empty($sid)){

print "You must be logged in to view this page. <a

href='index.php'>Login here.</a>";
exit;
}
$ip = "$HTTP_SERVER_VARS[REMOTE_ADDR]";
mysql_query("update players set ip='$ip', last_login=NOW()

where playerID='$sid'");

?>[/code]

[pocobueno1388]

Hmm...still getting the same problem.

[Woolf]

Hmm, it's probably because I essentially did not 'destroy' the session (because I do not know if you have any other session variables), instead, I just made it 'blank'. And in the first if variable where it sets the last visit, I told it to check if it was set, well.. it was, it was just empty.

Anyway, I've changed it so that it will create a new last_visit session if the session is empty, and it will not give you any time out errors or anything unless the session is not empty.

[code]//No session set (first time user visited)
if(empty($_SESSION['last_active'])){
//Set the Session
$_SESSION['last_active'] = time();
}

//Session set, but user not active for more than thirty minutes
elseif(!empty($_SESSION['last_active']) && $_SESSION['last_active'] < time()-1800){
print "Your session timed out.";

//Destroy the session
$_SESSION['last_active'] = '';
exit;
}

//Session set, and the user has been active for under thirty minutes
elseif(!empty($_SESSION['last_active']) && $_SESSION['last_active'] >= time()-1800){
//Update session with current time
$_SESSION['last_active'] = time();
}[/code]

Replace the old section with the code above.

Let me know if that works.

[pocobueno1388]

The session won't time out now =( Here is the code I have in:

[code]
<?php


include "config.php";

session_start(); // Maintainsessionstate

//No session set (first time user visited)
if(!empty($_SESSION['last_active'])){
//Set the Session
$_SESSION['last_active'] = time();
}

//Session set, but user not active for more than thirty minutes
elseif(!empty($_SESSION['last_active']) && $_SESSION['last_active'] < time()-10){
print "Your session timed out.";

//Destroy the session
$_SESSION['last_active'] = '';
exit;
}

//Session set, and the user has been active for under thirty minutes
elseif(!empty($_SESSION['last_active']) && $_SESSION['last_active'] >= time()-10){
//Update session with current time
$_SESSION['last_active'] = time();
}


$sid=$_SESSION['playerid'];

if(empty($sid)){

print "You must be logged in to view this page. <a

href='index.php'>Login here.</a>";
exit;
}
$ip = "$HTTP_SERVER_VARS[REMOTE_ADDR]";
mysql_query("update players set ip='$ip', last_login=NOW()

where playerID='$sid'");

?>
[/code]

[Woolf]

You caught me a couple seconds before I reviewed the post... if you look at my post, I removed the exclamation point from the first empty :)

[pocobueno1388]

Haha. It works now! Thank you so much for all your help.

[Woolf]

You are most certainly welcome. Please let me know if you need any more help with anything.

P.S. If you wish, you may edit the original post title and place a [solved] (or [resolved].. whatever works for you) in front of it, to signify that your issue has been resolved. Just helps us out a little. :)