Session Time Length

[elmas156]

Hello everyone,

 

I've searched these forums for a while now trying to resolve a problem that I have with my sessions timing out before I would like them to, but I've only gotten confused about it.  I've read about changing some settings or adding code in my php.ini file but I have no idea what I'm doing when it comes to that.  I'm starting the session simply by having session_start(); at the top of each of my pages.  I'm including a copy of my entire php.ini file here so that you can see what I have already.  Can someone please help me to figure out what I would need to do to make my sessions last at least 8 hours?  Thanks in advance.

 

Here's my php.ini file:

register_globals = off
allow_url_fopen = off

expose_php = Off
max_input_time = 60
variables_order = "EGPCS"
extension_dir = ./
upload_tmp_dir = /tmp
precision = 12
SMTP = relay-hosting.secureserver.net
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="


; Only uncomment zend optimizer lines if your application requires Zend Optimizer support

;[Zend]
;zend_optimizer.optimization_level=15
;zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-3.3.3
;zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3
;zend_extension=/usr/local/Zend/lib/Optimizer-3.3.3/ZendExtensionManager.so
;zend_extension_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3/ZendExtensionManager_TS.so


; -- Be very careful to not to disable a function which might be needed!
; -- Uncomment the following lines to increase the security of your PHP site.

;disable_functions = "highlight_file,ini_alter,ini_restore,openlog,passthru,
;		      phpinfo, exec, system, dl, fsockopen, set_time_limit,
;                     popen, proc_open, proc_nice,shell_exec,show_source,symlink"

[denno020]

I don't think sessions time out by themselves? The only way a session will end (if there isn't a specific timer set up) is if the browser window is closed. There is no way to keep this information stored in the way you're thinking as a session, you would need to use cookies to store the session data.

 

Denno

[PFMaBiSmAd]

By design, Sessions are intended to last one browser session. They end when either the session id is dropped by the browser or when the session data file is deleted on the server.

 

If you have some unique need to make a session last longer than one browser session, you would need to set both the session.cookie_lifetime and session.gc_maxlifetime settings to the longer desired value.

 

If you are on a shared web server, using the default session.save_path setting, you would also need to set session.save_path to point to a private folder within your account's folder tree so that only your session settings affect your session data files.

[elmas156]

Thanks for the replies...

 

PFMaBiSmAd: I know you have to be getting tired of repeating yourself because I've read this exact post from you at least three times in other threads... the problem that I have is it's pretty much Greek to me as of now.  I've never dealt with session_save.path, session.cookie_lifetime, or session.gc_maxlifetime, which is what I think you said in another threat would need to be changed in the php.ini file.

 

I am on a shared server, and if it helps, I think there is some setting that deletes the session data file after a set amount of time because the session is automatically ended after some time, even when the browser is left open.  Any idea what I might need to do and how?  Thanks so much for helping someone of my ignorance level... believe me, I'm trying to improve it.  Haha!

[PFMaBiSmAd]

If your problem is that your session data files are getting deleted when you don't expect them to be delete (and not really that you want to make the session last 8 hours, you just want them to last as long as the visitor is on your site), it is either because your session data files are being stored in with the session data files of the other accounts on the shared web server and someone has set his session.gc_maxlifetime to a short value (the shortest setting of all the accounts 'wins') and/or you are expecting a session to last longer than the default session.gc_maxlifetime setting of 1440 seconds (24 minutes) even when there is no activity by any one visitor (just having a page 'open' in the browser doesn't actually mean anything to the web server) that keeps the last access time of the session data file updated so that it won't get deleted when session garbage collection runs.

 

To start with, you need to check what a phpinfo(); statement shows for the session.save_path setting. If it is blank or \tmp or any other path that is not specific to your account's folder naming, it means that your session data files are being stored in a common location with all the other account's session data files. You need to create a folder within your account's folder tree and set your session.save_path setting to point to your own folder. This will allow only your session settings to affect your session data files.

 

After you have done the above or have confirmed that you are already storing your session data files in your own folder AND you need the session data files to exist longer, in the case of someone just sitting on your site with a page open, such as when typing a reply in a form or reading a long page, you either need to set your session.gc_maxlifetime setting to a longer value or you need to use AJAX to cause the page to periodically make a http request to the web server to execute a session_start() statement on a page to keep the last accessed time of the session data file updated.

 

As to how you set the session.save_path and session.gc_maxlifetime (and session.cookie_lifetime if you actually want the session to last longer than one browser session) settings on your server, depends on if and how your host has set up php or how he permits you to set them.

 

The settings being mentioned must be set before every session_start() statement. It is best if you globally set them in the master php.ini (when you have access to it - i.e. you own the server), in a .htaccess file (when php is running as an Apache Module and your web host permits you to change php settings), in a local php.ini (when php is running as a CGI application and your web host permits you to change php settings), or in your script (usually in an include file that is always included before any session_start() statement gets executed.)

[elmas156]

OK, I've learned that my session.save_path is blank so my session data is being saved in a common location with other users' session data. 

 

Now, what I gathered from your explanation, is that I need to set the session.save_path and session.gc_maxlifetime (I don't actually need the session to remain open after the browser has been closed, only as long as it is left open).

 

I do have a php.ini file that I have access to change, but I'm pretty sure that this is not going to be the master file.  I'm guessing that my host is running PHP as a CGI application so I can change the PHP settings locally.

 

Here is my php.ini file again:

register_globals = off
allow_url_fopen = off

expose_php = Off
max_input_time = 60
variables_order = "EGPCS"
extension_dir = ./
upload_tmp_dir = /tmp
precision = 12
SMTP = relay-hosting.secureserver.net
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="


; Only uncomment zend optimizer lines if your application requires Zend Optimizer support

;[Zend]
;zend_optimizer.optimization_level=15
;zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-3.3.3
;zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3
;zend_extension=/usr/local/Zend/lib/Optimizer-3.3.3/ZendExtensionManager.so
;zend_extension_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3/ZendExtensionManager_TS.so


; -- Be very careful to not to disable a function which might be needed!
; -- Uncomment the following lines to increase the security of your PHP site.

;disable_functions = "highlight_file,ini_alter,ini_restore,openlog,passthru,
;            phpinfo, exec, system, dl, fsockopen, set_time_limit,
;                     popen, proc_open, proc_nice,shell_exec,show_source,symlink"

 

So, assuming that I've come to the proper conclusion about this information, and I've created a folder named "save_path," how would I set the session.save_path and session.gc_maxlifetime in my php.ini file?

[PFMaBiSmAd]

session.save_path = full_file_system_path_to_folder_no_trailing_slash
session.gc_maxlifetime = integer_value_in_seconds

[elmas156]

OK, I've added these lines to the php.ini file and uploaded it to my root directory, where it was initially.

 

session.save_path = /home/content/29/6879529/html/save_path

session.gc_maxlifetime = 36000

 

I ran phpinfo() again and nothing has changed for the session.save_path or session.gc_maxlifetime.  I'm not getting any kind of error or anything when I try to log in to my site, but shouldn't the local values change?  I'm not sure if what I've done worked or not and if there's a way to find out other than waiting 10 hours to see if I'm logged off, I would rather use it.

[PFMaBiSmAd]

The LOCAL values in phpinfo() should have changed.

 

You are apparently using godaddy hosting. What php version?

[elmas156]

PHP version 5.2.14

 

My hosting is actually through cheap-domainregistration.com, which I believe is owned by godaddy.com, but I'm not sure.

[PFMaBiSmAd]

Try this -

 

If you are running PHP 5, name your initialization file php5.ini

[elmas156]

Well, I renamed php.ini to php5.ini, re-ran the phpinfo() script, but nothing changed.  Any other ideas?  Thanks again for your help, by the way.  You're a real asset to this community!

[elmas156]

No, wait!  I guess it takes a few minutes to register because I tried it again and it works now!  But the Local and the Master files both changed... is it supposed to do that?

[PFMaBiSmAd]

Probably, yes.

 

When php is running as a cgi application, a separate invocation of it is called on each page request, so the local php.ini is actually THE php.ini.

[elmas156]

Awesome! Thanks so much for all your help.  I know you spent a lot of time that you didn't have to spend on this.  I just can't thank you enough!