> From: "Hans Prins" <[EMAIL PROTECTED]>
>
> can you show us the PHP code that you use to manage your session?
Sure. You say in a following post:
> I am asking because if you are using: session_set_cookie_params(), the
> effect of this function only lasts for the duration of the script.
I'm not using session_set_cookie_params(). The session.cookie_lifetime
setting is 0; I don't specify anything about cookies.
I have a login function that checks username/password against database
values, then on the content management system index page I do:
if (login($username, $password) {
$user = $username;
session_register("user");
}
All pages within the cms have session_start(); following a require_once()
statement, output some HTML, then call check_valid_user(), shown below:
function check_valid_user() {
global $user;
if (session_is_registered("user")) {
echo("<p>Logged in as $user.</p>");
} else {
?>
<h3>Problem: You are not logged in.</h3>
<p><a href="login.php">Login</a></p>
</body>
</html>
<?
exit;
}
}
That's it.
--
Lowell Allen
> "Lowell Allen" <[EMAIL PROTECTED]> schreef in bericht
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>> I'm using sessions for authentication in a content management system and
>> experiencing rare but occasional problems with the session apparently
>> expiring unexpectedly. I've checked the manual and I've reviewed the
> session
>> configuration on the commericial host I'm using. I don't see anything
> wrong,
>> but there are some settings that I don't understand:
>>
>> session.gc_maxlifetime 1440 -- Garbage collection after 24 minutes? Does
>> this mean that the session id and session variables will be cleared after
> 24
>> minutes of inactivity? (Surely not; that doesn't make sense.) And cleared
>> from where, the directory specified in session.save_path?
>>
>> session.save_path /tmp -- The session id and session variables are stored
> in
>> this directory, and it's more secure to specify a different directory. Is
> it
>> more stable to specify a different directory? Is it more stable to use a
>> database?
>>
>> session.cache_expire 180 -- The cache expires after 3 hours? If
>> session.cache_limiter is set to nocache, is session.cache_expire relevant?
>>
>> Basically, I want users to be able to stay logged in to the content
>> management system indefinitely, but my tests show that after about 2 hours
>> of inactivity, the session expires. (Going to a different page causes the
>> session variable that identifies the user to be checked with
>> session_is_registered(), and access is denied if the variable isn't
>> registered.) Some users have reported this happening after about 30
> minutes.
>>
>> I'm on LInux, PHP 4.1.2, session.cookie_lifetime setting is 0,
>> session.use_cookies setting is On, session.use_trans_sid setting is 1, and
>> other configurations as mentioned above. Why are sessions expiring?
> Comments
>> and directions to more information are appreciated.
>>
>> --
>> Lowell Allen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
