Jump to content

sessions not timing out

kaliok

By kaliok
in PHP Coding Help

 Share

Recommended Posts

kaliok Member

kaliok

Posted
Posted

Hi,

 

I have set up my php application to store session data in a datbase by redefining, session_set_save_handler functions. The system seems to work fine, and I can see the sessions being stored in the database and being destroyed, however they do not seem to want to expire in the same way they used to when I wasn't storing them in the database. After 25 mins or so, the deafault expiration would kick in and when going to a page on the site the session would have expired. This is not happening now.I am using a shared host. Below is the code that I am calling on every page.

 

<?php
require_once("[database connection data]");
require_once('[session_set_save_handler functions]');
session_start();

/**
* this redirects a non-logged in user to login.php
* if logged in, nothing happens...
*/ 
function require_authentication($role = '') {
  $_SESSION['name'] = "MYSESSIONNAME";
  $ok=true;
  if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])) ) {
  $ok=false;
  }
  if ($ok)
  {
    if(isset($_SESSION['user_id'])) 
    {
    // the session is valid and user is logged in.
    return;
    }
  }
  else
  {
  header("Location: login.php");
  }
exit(); // Quit the script.
}

 

I have tried adding the following lines and variations thereof, but to no avail:

ini_set('session.gc_maxlifetime',5);

ini_set('session.gc_probability',100);

ini_set('session.gc_divisor',100)

 

The following code is what I am using for sesssion_set_save_handler:

<?php
session_set_save_handler('_open',
                         '_close',
                         '_read',
                         '_write',
                         '_destroy',
                         '_clean');
               
$_sess_db=false;   
                 
function _open()
{
    global $_sess_db;
    global $address, $username, $password, $database;    
    $_sess_db = mysql_connect($address,$username,$password);
    if($_sess_db) {
        if(mysql_select_db($database, $_sess_db)) {
        }
        else {
           echo mysql_error($_sess_db);
        }
        
        return true;
    }
    else {
        echo mysql_error($_sess_db);
    }
    return false;
}

function _close()
{
    global $_sess_db;

    return mysql_close($_sess_db);
}

function _read($id)
{
    global $_sess_db;
    $id = mysql_real_escape_string($id, $_sess_db);

    $sql = "SELECT data FROM   sessions WHERE  id = '$id'";
    if ($result = mysql_query($sql, $_sess_db)) {
        if (mysql_num_rows($result)) {
            $record = mysql_fetch_assoc($result);
            return $record['data'];   
        }
    }
    return '';
}

function _write($id, $data)
{
    global $_sess_db;

    $access = time();

    $id = mysql_real_escape_string($id,$_sess_db);
    $access = mysql_real_escape_string($access,$_sess_db);
    $data = mysql_real_escape_string($data,$_sess_db);

    $sql = "REPLACE INTO sessions VALUES  ('$id', '$access', '$data')";

    return mysql_query($sql, $_sess_db);
}

function _destroy($id)
{
    global $_sess_db;

    $id = mysql_real_escape_string($id,$_sess_db);

    $sql = "DELETE FROM  sessions WHERE  id = '$id'";
    return mysql_query($sql, $_sess_db);
}

function _clean($max)
{
    global $_sess_db;
    $old = time() - $max;
    $old = mysql_real_escape_string($old,$_sess_db);

    $sql = "DELETE FROM   sessions WHERE  access < '$old'";

    return mysql_query($sql, $_sess_db);
}

 

I'd be quite happy if the original timeout period of 25 mins or so were working again. But the session only seems to timeout when the window is closed.

 

Thanks for any help in advance.

Link to comment
Share on other sites
kaliok Member

kaliok

Posted
  • Author
Posted

thanks for your response. I am still not sure "where" to do this deletion. I know I can probably manually keep checking the database each time a page is loaded but that seems an awful waste of resources if there is a built in mechanism in place that is checking the sessions status.

 

Any other ideas or where I would place this call to delete this cookie/session?

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.