Edit report at http://bugs.php.net/bug.php?id=10677&edit=1
ID: 10677 Updated by: [email protected] Reported by: andrew at blackecho dot ca Summary: Session lifetimes beyond browse on per session basis -Status: Open +Status: Wont fix Type: Feature/Change Request -Package: Feature/Change Request +Package: Session related Operating System: Linux (RH6) PHP Version: 4.0.4pl1 Block user comment: N Private report: N New Comment: Use your own session handler for such. If using files based sessions, in multi-host env, you need to have separate session.save_path for all hosts and set the session.gc_maxlifetime for each properly in each vhost. Better solution is still the custom handler. See session_set_save_handler() for more info. Previous Comments: ------------------------------------------------------------------------ [2001-05-04 16:39:31] andrew at blackecho dot ca Something that's been requested in the annoated manuals but I don't see an actual feature request. The problem is that while there is a session.gc_maxlifetime option in the ini file for dealing with the lifetime of session data, there is no way to set this on a per session level. Eg. I have a login class that uses sessions to maintain data. It works fine so long as I don't want my login sessions to outlast the browser. Once I decided I wanted that to at least be an option of my class (set through a method) I had to perform a work-around of the session.cookie_lifetime INI file settings (since the session_set_cookie_params() call doesn't seem to work properly, or at least the way I wanted it to). At any rate, I managed to get around this problem and everything was working fine, but every so often (seemingly without ryhme or reason) when I returned to my example page the login class would come to a screaming halt and die(). After debugging for quite some time, I determined that it was because although I had managed to extend the life of the session id (though another cookie of my own and some funky hand-waving logic) the session DATA had expired after 1440 seconds, or 24 minutes. I got this number from the INI file as it was the value set for session.gc_maxlifetime. Unfortunately, there is no way to extend this lifetime value through PHP; only via the ini file. This is not a viable solution however, when you run multiple virtual hosts on your server with the same PHP (as I do) and some of them have different login requirements (some more secure than others; some want the login to expire with the browser, others want it to last a week, etc.) So my feature request is for a session_set_data_lifetime() function (and probably a get() equivilant for completeness). I'd also like it if the session_set_cookie_params() function actually worked like I think it should (and not, as it says cryptically, 'only for the duration of the script') Thank you. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=10677&edit=1
