Re: [PHP] Sessions, and timeout
I guess your clients PC's clock is not accurate. How about set timeout to 0?
Then session cookie will not timeout until browser is closed.
You can compile PHP with trans-sid to add session id automatically.
http://www.php.net/manual/en/ref.session.php
I've posted PHP session helper HTML file that checks JavaScript and cookie
is enabled. You can find at
http://www.zend.com/codex.php?id=458single=1
Regards,
Yasuo Ohgaki
Hi all,
I have a timeout problem with sessions. I use the PHP session handling
(4.0.4pl1). It works, but it times to fast out.
I've set:
ini_alter("session.gc_maxlifetime", "172800");
and
phpinfo() says:
session.cache_expire: local=172800, global=180
session.gc_maxlifetime: local=172800, global=1440
It times out really quick, mabye 10-20 minutes.
Any hints on why that might be?
I used to just use cookies, but I want the url backup system of PHP.
Also the setting in phpinfo():
url_rewriter.tags : a=href,area=href,frame=src,form=fakeentry
Is it possible to have a variable other that the PHPSESSION variable be
appended to the URL automatically. I.e. I want to use cookies, but if
cookies
are not accepted then I want to use url variables? And I really don't need
the session functionality cause I handle that myself.. (timeout etc.)
That is just use the feature PHP has to append variables to links and
forms.
To use it as a cookie backup system, without using PHP sessions..
So I want a variable MyVAR which is appended to urls and forms
automatically
( trans-sid is enabled ).
If I can do that I also need to know how I can check if cookies are
accepted
or not, so I can append the variables only if cookies are not accepted.
( Using redhat linux 6.2 with the latest PHP version, 4.0.4pl1 )
Cheers,
--
Brd Farstad
Systems developer
ez.no | developer.ez.no | zez.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Sessions, and timeout
On Thursday 08 March 2001 11:14, Yasuo Ohgaki wrote: I guess your clients PC's clock is not accurate. How about set timeout to 0? Then session cookie will not timeout until browser is closed. Actually the server and client clock only differs with about 1 minute. The 0 timeout will not work. I want the session to be remember for several days, I had no problems with pure cookies while doing this. The timeout value that PHP reports suggests that the timeout should be several days.. but it does not seem to work. You can compile PHP with trans-sid to add session id automatically. http://www.php.net/manual/en/ref.session.php I have that and PHP does append the PHPSESSID variable to urls. Works great. My question is: can I manually tell PHP to append e.g. MyVAR=foo to all URL's and forms. BTW: if you use header( "Location: ..." ); to redirect PHP does not append the session id to the header information (cookie less that is). You have to append it to the Location manually. ( Bug in PHP ) I've posted PHP session helper HTML file that checks JavaScript and cookie is enabled. You can find at http://www.zend.com/codex.php?id=458single=1 I'll check, but I prefer not using javascript. cheers, -- Brd Farstad Systems developer ez.no | developer.ez.no | zez.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Sessions, and timeout
On Thursday 08 March 2001 11:14, Yasuo Ohgaki wrote: I guess your clients PC's clock is not accurate. How about set timeout to 0? Then session cookie will not timeout until browser is closed. Actually the server and client clock only differs with about 1 minute. Then how about check the server's response headers that sent to client? You can view headers using wget or like. PHP might be sending global ini var(which is set to small number) to client for some reason. The 0 timeout will not work. I want the session to be remember for several days, I had no problems with pure cookies while doing this. It might be browser specific problem, if server is sending correct headers. Is it happen all browsers you have? or just a few of them? The timeout value that PHP reports suggests that the timeout should be several days.. but it does not seem to work. You can compile PHP with trans-sid to add session id automatically. http://www.php.net/manual/en/ref.session.php I have that and PHP does append the PHPSESSID variable to urls. Works great. My question is: can I manually tell PHP to append e.g. MyVAR=foo to all URL's and forms. Do you mean just like trans-sid? I think you cannot as far as I know. PHP Programmers/HTML designer have to write code manually to add query string. Anyone?? BTW: if you use header( "Location: ..." ); to redirect PHP does not append the session id to the header information (cookie less that is). You have to append it to the Location manually. ( Bug in PHP ) I've posted PHP session helper HTML file that checks JavaScript and cookie is enabled. You can find at http://www.zend.com/codex.php?id=458single=1 I'll check, but I prefer not using javascript. You also can find very simple PHP code to check cookie is enabled or not at code exchange. Regards, Yasuo Ohgaki -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Sessions, and timeout
It looks it would not cause too short expiration of session. (Expire is not set
for cookie. This is not what you want probably, but this should not cause
expiration of cookie within 10 or 20 min. You changes session.cache_expire, but
set Expire: and no cache headers. I think you don't need to do both. It probably
written for in case you want browsers to cache document, though.)
These are what I'm look for next.
Assuming you lost session data, but not session id.
What is your session handler? file/mm/user? If user, is your gc function working
as it should?
Global value of session.gc_maxlifetime and others are set to low number in
previous mail, change this to see if it fixes.
[I forgot when garbage collection is performed, but if gc is done before/after
session_read(), changes made by ini_set() - gc_maxlifetime - will not make any
difference. If gc is done before/after session_write(), should work as expected]
Do you have any code that uses session w/o changing gc_maxlifetime settings?
[Change made by ini_set()/ini_alter() is local, would not change other
connection's setting]
If you lost session id stored in cookie, but session data exists on server. I
have no idea what's wrong or what you need to look for.
By the way, following line is redundant as I mentioned at first.
ini_alter("session.cache_expire", "172800");
This will not affect, since you have Expire: and no cache header. There is other
issue with this line.
i.e. 172800 minutes for document expiration is too long. From my php.ini
;session.cache_expire = 180 ; document expires after n minutes
Hope this helps.
Yasuo Ohgaki
== original msg ===
Then how about check the server's response headers that sent to client? You
can view headers using wget or like. PHP might be sending global ini
var(which is set to small number) to client for some reason.
Ok, this is the header information I get.
HTTP/1.1 200 OK
Date: Thu, 08 Mar 2001 11:52:37 GMT
Server: Apache/1.3.14 (Unix) (Red-Hat/Linux) mod_ssl/2.7.1 OpenSSL/0.9.5a
PHP/4.0.4pl1 mod_perl/1.24
X-Powered-By: PHP/4.0.4pl1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Thu, 08 Mar 2001 11:52:37GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=784c532834c6a36451f91c235ee44aa4; path=/
Connection: close
Content-Type: text/html;charset=iso-8859-1
Code snippet from the script:
--
// Disable page chacing. Could this interfer with sessions?? :
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
// Turn on output buffering
ob_start();
// start session handling
session_start();
// settings for sessions
ini_alter("session.gc_maxlifetime", "172800");
ini_alter("session.entropy_file","/dev/urandom");
ini_alter("session.entropy_length", "512");
ini_alter("session.cache_expire", "172800");
// set the session variable (inside a class):
session_register( "eZSession" );
$GLOBALS["eZSession"] = $this-Hash;
// fetches the session information:
$hash = $GLOBALS["eZSession"];
// flush buffer
ob_end_flush();
-
For more code (full class listing) you can check out:
http://doc.ez.no/ezsession.src.html#1
That should be straight forward right?
I have no idea why it times out. I've tested quite alot of things now:)
I've tested with Konqueror, Netscape and Opera. Every browser times out. Also
with cookieless sessions.
Do you mean just like trans-sid? I think you cannot as far as I know. PHP
Programmers/HTML designer have to write code manually to add query string.
Anyone??
Yes, I would like that trans-sid. Like if I could have code like.
php_auto_append_variable( "MyVar", "foo bar" );
( Of course that makes no sense when I get the sessions up and running. )
Regards,
--
Brd Farstad
Systems developer
ez.no | developer.ez.no | zez.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
