session expires after 30 min [Archive]

Click to See Complete Forum and Search --> : session expires after 30 min

themoon

04-13-2006, 09:52 AM

i have a login script which uses session in its authentication. It works fine, but how can i make it expire after 30 min of user's inactivity. it looks like this:

session_start();

if ($username && $passwd)
// they have just tried logging in
{
if (login($username, $passwd))
{
// if they are in the database register the user id
$valid_user = $username;
session_register("valid_user");
}
else
{
// unsuccessful login
do_html_header("Problem:");
echo "You could not be logged in.
You must be logged in to view this page.";
do_html_url("login.php", "Login");
do_html_footer();
exit;
}
}

thank you
M

NogDog

04-13-2006, 09:59 AM

Either set the time for session.cookie_lifetime (http://www.php.net/manual/en/ref.session.php#ini.session.cookie-lifetime) in your php.ini or .htaccess, or use the session_set_cookie_params() (http://www.php.net/session_set_cookie_params) function in each script before the session_start() call.

themoon

06-13-2006, 03:01 AM

thanx man....
instead of going to server level to access php.ini file, i did it this way which is also explained in the manual.

<?
ini_set('session.gc_maxlifetime',30); //30 means 30 min
ini_set('session.gc_probability',1);
ini_set('session.gc_divisor',1);
session_start();

// check to see what's happening
$filepath = ini_get('session.save_path').'/sess_'.session_id();

if(file_exists($filepath))
{
$filetime = filemtime ($filepath);
$timediff = mktime() - $filetime;
//echo 'session established '.$timediff.' seconds ago<br><br>';
}

:)

bokeh

06-13-2006, 03:39 AM

ini_set('session.gc_probability',1);
ini_set('session.gc_divisor',1);

:)session.gc_divisor should be set to a figure such as 1000 otherwise you are giving the server a lot of unnecessary work on every request. Also the session has its own natural timeout mechanism which defaults to 30 minutes anyway. If the seesion file still exists after this period it will not be used, it is merely waiting for garbage collection.

themoon

06-13-2006, 08:49 AM

sorry,
i dont understand the relationship between these two functions.
what is the corrct parameter to be passed to make the session properly work to be expired after 30 Minutes of inactivity, not 30 seconds.
Thanks.

bokeh

06-13-2006, 09:36 AM

session.gc_probability and session.gc_divisor have nothing to do with session duration. They are session garbage collection settings. In a default build of PHP a session should expire after 30 minutes of inactivity or on closure of the browser, whichever is sooner.

themoon

06-15-2006, 09:07 AM

It is clear now.thanks a lot for clarification.
M