sparq Posted December 22, 2009 Share Posted December 22, 2009 I've been trying to implement a system to where I can login and use my admin panel through a simple script, but it seems that it only takes 10-20 minutes for the php session to expire. How can I prolong this until either the browser is closed or I manually log out? Heres my code so far Admin login <?php session_start(); ?> <html> <?php echo "<a href='index.php'>Home</a><br />"; if(!isset($_SESSION['myusername'])){ echo "<form action='admin_l.php' method='post'> <input type='text' name='myusername' /><br /> <input type='password' name='mypassword' /><br /> <input type='submit' value='submit' /> </form>"; } else { echo "Already Logged in <a href='logout.php'>Click here</a> to logout"; } ?> </html> admin_l.php <?php session_cache_limiter ('private_no_expire'); session_start(); $host = "*****"; $username = "*****"; $password = "*****"; $db_name = "*****"; $tbl_name = "adminmem"; mysql_connect($host,$username,$password)or die("cannot connect"); mysql_select_db($db_name)or die("cannot select DB"); $myusername = $_POST['myusername']; $mypassword = $_POST['mypassword']; $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result = mysql_query($sql); $count = mysql_num_rows($result); if($count==1) { $_SESSION["myusername"] = $myusername; $_SESSION["mypassword"] = $mypassword; header("location:index.php"); } else { echo "login incorrect"; } ?> Quote Link to comment Share on other sites More sharing options...
Buddski Posted December 22, 2009 Share Posted December 22, 2009 Have a look at session.gc_maxlifetime it might be what you are looking for.. Quote Link to comment Share on other sites More sharing options...
premiso Posted December 22, 2009 Share Posted December 22, 2009 the gc_maxliftime does not deal with how long the session stays. It determines how long the session has been inactive before the garbage collector trashes the file. session_set_cookie_params is going to be what you want. This will allow you to set the cookie's life time to be longer than 10-20 minutes. If you prefer to modify your php.ini file, to avoid having to add that code in your script before the session_start look at: http://us3.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime Quote Link to comment Share on other sites More sharing options...
Nom Nom Posted December 23, 2009 Share Posted December 23, 2009 I think you need to check if the session is there? Quote Link to comment Share on other sites More sharing options...
sparq Posted December 23, 2009 Author Share Posted December 23, 2009 I think you need to check if the session is there? No the session is definitely there, I've gotten that much to work Quote Link to comment Share on other sites More sharing options...
sparq Posted December 23, 2009 Author Share Posted December 23, 2009 the gc_maxliftime does not deal with how long the session stays. It determines how long the session has been inactive before the garbage collector trashes the file. session_set_cookie_params is going to be what you want. This will allow you to set the cookie's life time to be longer than 10-20 minutes. If you prefer to modify your php.ini file, to avoid having to add that code in your script before the session_start look at: http://us3.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime Would session_set_cookie_params(3600); be enough before each session_start(); to keep it going for a full hour? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted December 23, 2009 Share Posted December 23, 2009 If you want a session to persist for a time after the browser is completely closed, you would need to set the session.cookie_lifetime to a non-zero value (default is zero, which means - until the browser is closed.) If you need to make the session data files last longer (i.e, the session is ending while someone is on your site for an extened period of time, but is not doing page requests which would keep the session data file 'last accessed time' updated) you need to extend the session.gc_maxlifetime setting. However, if you are on shared web hosting and are using the default/common session.save_path setting, the shortest session.gc_maxlifetime of all the scripts running on the server will 'win' and you must set the session.save_path to point to a 'private' folder within your account's folder tree so that your session settings apply only to your session data files. All of the session settings that have been mentioned must be set before every session_start() statement, so it is best to globally set them in the master php.ini (when you have access to it), in a .htaccess file (when php is running as an Apache Module), in a local php.ini (when php is running as a CGI application), or in your script. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.