COuld you help? login script keeps getting auto logout if inactive for 5mins or so

[lovephp]

friends why does my script logs a user out if he/she is inactive for 5mins or 10 etc it gets logout. once i tried changing max_execution_time from 30 to 21600 but still do not help. could someone help fix this?

 

my login form

 

<form id="loginForm" name="loginForm" method="post" action="login-exec.php">
  <table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
    <tr>
      <td width="112"><b>Login</b></td>
      <td width="188"><input name="login" type="text" class="textfield" id="login" /></td>
    </tr>
    <tr>
      <td><b>Password</b></td>
      <td><input name="password" type="password" class="textfield" id="password" /></td>
    </tr>
    <tr>
      <td> </td>
      <td><input type="submit" name="Submit" value="Login" /></td>
    </tr>
  </table>
</form>

 

my login-exec.php script

 

<?php
    //Start session
    session_start();
    
    //Include database connection details
    require_once('config.php');
    
    //Array to store validation errors
    $errmsg_arr = array();
    
    //Validation error flag
    $errflag = false;
    
    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }
    
    //Sanitize the POST values
    $login = clean($_POST['login']);
    $password = clean($_POST['password']);
    
    //Input Validations
    if($login == '') {
        $errmsg_arr[] = 'Login ID missing';
        $errflag = true;
    }
    if($password == '') {
        $errmsg_arr[] = 'Password missing';
        $errflag = true;
    }
    
    //If there are input validations, redirect back to the login form
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location: index.php");
        exit();
    }
    
    //Create query
    $qry="SELECT * FROM members WHERE login='$login' AND passwd='".$_POST['password']."'";
    $result=mysql_query($qry);
    
    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) == 1) {
            //Login Successful
            session_regenerate_id();
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
            $_SESSION['SESS_LOGIN_NAME'] = $member['login'];
            $_SESSION['SESS_PASS'] = $member['passwd'];
            $_SESSION['SESS_SUPERVISOR'] = $member['supervisor'];
            session_write_close();
            header("location: member-index.php");
            exit();
        }else {
            //Login failed
            header("location: login-failed.php");
            exit();
        }
    }else {
        die("Query failed");
    }
?>

 

and my auth.php on top of every protected pages

 

 
<?php
    //Start session
    session_start();
    
    //Check whether the session variable SESS_MEMBER_ID is present or not
    if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
        header("location: access-denied.php");
        exit();
    }
?>

 

would really appreciate if someone could help me fix this

regards

[mac_gyver]

is your site running on a shared web server, i.e. many accounts on the same web server?

[lovephp]

well its in my tution institution where we made 1 pc into server and installed wamp server the the script is used by 100 students. every 5 10 or 15mins a student tried to submit infos they face session expired issue .

[lovephp]

anybody could help me fixing this?

[mac_gyver]

if the time is actually after 24 minutes of inactivity, it's due to the session data files being deleted due to the default value for session.gc_maxlifetime of 1440 seconds. in general, if you need to have sessions persist for longer periods of inactivity, you need to set session.gc_maxlifetime to a longer/reasonable value.

 

if the time seems to vary, its likely a script running on the server is setting session.gc_maxlifetime to a fairly short value (usually done to automatically 'log' people out), which is causing the session data files to be deleted. you would need to find the script doing this and change it to not use session.gc_maxlifetime for this purpose. to automatically log people out, you need to store the last access time and check on each (the next) page request how much time has gone by since the last request to automatically log someone out.

[lovephp]

wel this is the only script running. So if in php.ini i increase the 1440 to longer would it stop the problem? I tried the max_execution_time but its kinda not helping. Or anything i could do with my script? Am not too fimiliar with login system so am clueless about it.

[mac_gyver]

the max_execution_time limits the duration of one/each execution of a script, i.e. each request for a .php page.

 

the session.gc_maxlifetime is the most likely reason for the symptom, based on the information provided.

[lovephp]

tried increasing the value of session.gc_maxlifetime but still session expires way too soon. What other option do i have?

[mac_gyver]

where and how exactly did you change the value?

[lovephp]

in php.ini i changed the session.gc_maxlifetime 1440 to 21600 but still facing the early inactivity logout issue.

[mac_gyver]

is the php.ini that you changed the one that php is using (a phpinfo() would conform that the session.gc_maxlifetime setting got changed) and if you changed the master php.ini, did you restart the web server to get the change to take effect and if you changed a local php.ini, do you have multiple folders and must have the local php.ini settings in each folder?

 

you could also have a logic error or are redirecting between url's that have and don't have the www. on them (by default the session id cookie will only match host-name/sub-domain where it was set at.)

[lovephp]

ah u rite i had not restarted al services. Today when i turned system on its lasting for longer. Thanks