$_SESSION question

[RaythMistwalker]

my website currently loads a $_SESSION parameter when a user logs in ($_SESSION[sESS_MEMBER_ID]) and it keeps this saved on the user untill they logout.

 

Is it possible to make this automatically remove after say 90 minutes of inactivity on the website and if so how?

[premiso]

You would use the session_set_cookie_params and set the expire time to time + 90 minutes, or you can set this interval inside of php.ini using the:

 

Session Configuration

session.cookie_lifetime  "0"  PHP_INI_ALL 

 

To be 90 minutes (note the value needs to be in seconds).

[RaythMistwalker]

session_set_cookie_params  ( int $lifetime  [, string $path  [, string $domain  [, bool $secure = false  [, bool $httponly = false  ]]]] )

 

judging 3600 is 60min so i would set it at 5400 what exactly do i edit? and am i right in thinking i put this above the session_start() in each of my pages.

 

Also, would this automatically remove my $_SESSION['SESS_MEMBER_ID'] since the login page checks to see if that is valid before showing login form cause if its valid it auto logs in.

[premiso]

This would delete the session cookie. So the user would get a new session after that expires and would have to re-authenticate, as that session would no longer be valid.

 

You can add that before the session_start, or you can change it in the php.ini file, however, this change will be reflected on all sites. You may also be able to set it using .htaccess, so you do not have to modify your code to reflect it. Here is an example of the code for the .htaccess:

 

php_value session.cookie_lifetime 5400

Which should effect all folders / files where that file is located (given that you are using Apache).

[teamatomic]

Here is how to limit the cookie and clean up. With the divisor and probability this is 100% garbage collection.

 

ini_set('session.gc_maxlifetime', '10800');//in seconds

ini_set('session.gc_divisor', '1');

ini_set('session.gc_probability', '1');

ini_set('session.cookie_lifetime', '0');//set this to limit in seconds

//ini_set('session.save_path', /path/to/sessions/app_name);//optional

//session_name('app_name');//optional

session_start();

 

 

HTH

Teamatomic

[RaythMistwalker]

Here is how to limit the cookie and clean up. With the divisor and probability this is 100% garbage collection.

 

ini_set('session.gc_maxlifetime', '10800');//in seconds

ini_set('session.gc_divisor', '1');

ini_set('session.gc_probability', '1');

ini_set('session.cookie_lifetime', '0');//set this to limit in seconds

session_start();

 

 

HTH

Teamatomic

I think i have it correct like this:

ini_set('session.gc_maxlifetime', '10800');//in seconds

ini_set('session.gc_divisor', '1');

ini_set('session.gc_probability', '1');

ini_set('session.cookie_lifetime', '5400');//set this to limit in seconds

session_start();

 

Could you also explain what the bold lines do for me please.

 

[teamatomic]

Garbage collection is not by default 100% certain. Maybe it will, maybe it wont. With both those set to 1, it is 100% certain that the garbage man will collect.

 

 

HTH

Teamatomic