ajetrumpet Posted September 8, 2020 Share Posted September 8, 2020 can anyone tell me how to modify a timeout for a web app when logged in? Here are the known specs: => there is no session hash in the URL when logging in. => default timeout for no transacting activity is 5 minutes. I really have no way to know if the timeout is located in the local cookie or stored in the web app [session] itself. It's a large PHP application that I'm referring to. and before anyone asks, no it's not a hacking attempt. This is simply an attempt by me to stop this little annoyance. I realize that a lot of people do this sort of thing for security reasons. Also, every transaction on the website (moving from page to page, clicking buttons) results in more than one file with a hash-based name being put in firefox's cache. Thanks. Adam Quote Link to comment https://forums.phpfreaks.com/topic/311447-timeout-data-located-in-cookie-files/ Share on other sites More sharing options...
gw1500se Posted September 8, 2020 Share Posted September 8, 2020 (edited) $_SESSION data is stored on the server. If you run 'phpinfo()' and look for the variable 'session.save_path' you can see exactly where it is. Cookies, on the other hand, are stored on the client. Edited September 8, 2020 by gw1500se Quote Link to comment https://forums.phpfreaks.com/topic/311447-timeout-data-located-in-cookie-files/#findComment-1581234 Share on other sites More sharing options...
requinix Posted September 8, 2020 Share Posted September 8, 2020 You can see the expiration time of the cookie. Five minutes is really short, though, so I doubt the timeout is coming from an expired cookie. Which means it's server-side and there's nothing you can do about it. Quote Link to comment https://forums.phpfreaks.com/topic/311447-timeout-data-located-in-cookie-files/#findComment-1581237 Share on other sites More sharing options...
ajetrumpet Posted September 9, 2020 Author Share Posted September 9, 2020 thanks guys. 12 hours ago, requinix said: You can see the expiration time of the cookie. Five minutes is really short, though, so I doubt the timeout is coming from an expired cookie. Which means it's server-side and there's nothing you can do about it. req, can you give me any insight into the %age of what web apps being used by companies set timeouts inside of cookie files that sit on a client vs. those that use sessions or any type of "pointer code" in a client cookie file to read server data and detect the timeout expiration? which method is more common and why? or is this just one of those pointless arguing topics that software developers go back and forth with forever only to end up in a draw? 😃 Quote Link to comment https://forums.phpfreaks.com/topic/311447-timeout-data-located-in-cookie-files/#findComment-1581243 Share on other sites More sharing options...
requinix Posted September 9, 2020 Share Posted September 9, 2020 1 hour ago, ajetrumpet said: can you give me any insight into the %age of what web apps being used by companies set timeouts inside of cookie files that sit on a client vs. those that use sessions or any type of "pointer code" in a client cookie file to read server data and detect the timeout expiration? 1 hour ago, ajetrumpet said: which method is more common and why? or is this just one of those pointless arguing topics that software developers go back and forth with forever only to end up in a draw? 😃 Forget "common" and think about "purpose". A session cookie lasts potentially forever, but it disappears when the browser closes. Is "forever" a problem? User authentication should not last forever. A regular cookie lasts until some particular time, assuming it does not get refreshed. But once that time passes, the data contained by the cookie is lost. Is losing that data a problem? User tracking data should not disappear or else you'll mistakenly count too many users. Quote Link to comment https://forums.phpfreaks.com/topic/311447-timeout-data-located-in-cookie-files/#findComment-1581248 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.