Re: [PHP] Sessions - Ini settings and timeout
2007. 10. 17, szerda keltezéssel 15.10-kor Holografix ezt írta: Many thanks Zoltn. It's clear now One more thing: session.cookie_lifetime defaults to 0 (until browser is closed). if setting session.cookie_lifetime to 60 can I look for $_SESSION[session_name()] in every request ? why $_SESSION[session_name()]? I never bother with session_name and stuff like that, just put whatever I want to store in $_SESSION and voila it's there :) about session.cookie_lifetime: if the cookie expires on the client computer, the browser would not send it, so the server side would not receive the session ID, so the session data would be lost. that's good in some cases, but if you leave cookie_lifetime at its default, cookies expire when the browser is closed. that, combined with a lasttime value stored in the session, should be enough. greets Zoltán Németh best regards holo Zoltn Nmeth [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] 2007. 10. 17, szerda keltezssel 11.58-kor Holografix ezt rta: I have some questions about sessions timeout and sessions ini settings. In php.ini I have session.gc_maxlifetime = 30 (for testing purpose only) , session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch this values) I have two simple pages page1.php - session_start(); $_SESSION[test] = TEST; a href=page2.phptest timeout/a page2.php = session_start(); if (!isset($_SESSION[test]) ) { echo no session; die(); } print_r($_SESSION); I open page1.php in the browser and only click in the link after waiting more than 30 seconds (session.gc_maxlifetime). After this period what should happen with $_SESSION[test] in page2.php? In php, session.gc_maxlifetime: ; After this number of seconds, stored data will be seen as 'garbage' and ; cleaned up by the garbage collection process. I need to understand this and get a way to automaticly logout a user after n minutes of inactivity. session.gc_maxlifetime is not what you are looking for. it works like at every request there is a 1/100 chance (session.gc_probability/session.gc_divisor) that the garbage collector will run. if it runs, and finds session data older than session.gc_maxlifetime, that is cleaned up. in order to achieve what you want you should store a 'last action' timestamp or something like that in the session, and upon each request check how many seconds passed since that timestamp and decide session validity based on that. eg: session_start(); if ($_SESSION['last_action_timestamp'] - time() $max_lifetime) { // session expired } else { $_SESSION['last_action_timestamp'] = time(); } greets Zoltn Nmeth My environment: Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql 5.4.5 Best regards holo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions - Ini settings and timeout
Many thanks again Zoltán. It's working nice now. Best regards holo Zoltán Németh [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] 2007. 10. 17, szerda keltezéssel 15.10-kor Holografix ezt írta: Many thanks Zoltn. It's clear now One more thing: session.cookie_lifetime defaults to 0 (until browser is closed). if setting session.cookie_lifetime to 60 can I look for $_SESSION[session_name()] in every request ? why $_SESSION[session_name()]? I never bother with session_name and stuff like that, just put whatever I want to store in $_SESSION and voila it's there :) about session.cookie_lifetime: if the cookie expires on the client computer, the browser would not send it, so the server side would not receive the session ID, so the session data would be lost. that's good in some cases, but if you leave cookie_lifetime at its default, cookies expire when the browser is closed. that, combined with a lasttime value stored in the session, should be enough. greets Zoltán Németh best regards holo Zoltn Nmeth [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] 2007. 10. 17, szerda keltezssel 11.58-kor Holografix ezt rta: I have some questions about sessions timeout and sessions ini settings. In php.ini I have session.gc_maxlifetime = 30 (for testing purpose only) , session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch this values) I have two simple pages page1.php - session_start(); $_SESSION[test] = TEST; a href=page2.phptest timeout/a page2.php = session_start(); if (!isset($_SESSION[test]) ) { echo no session; die(); } print_r($_SESSION); I open page1.php in the browser and only click in the link after waiting more than 30 seconds (session.gc_maxlifetime). After this period what should happen with $_SESSION[test] in page2.php? In php, session.gc_maxlifetime: ; After this number of seconds, stored data will be seen as 'garbage' and ; cleaned up by the garbage collection process. I need to understand this and get a way to automaticly logout a user after n minutes of inactivity. session.gc_maxlifetime is not what you are looking for. it works like at every request there is a 1/100 chance (session.gc_probability/session.gc_divisor) that the garbage collector will run. if it runs, and finds session data older than session.gc_maxlifetime, that is cleaned up. in order to achieve what you want you should store a 'last action' timestamp or something like that in the session, and upon each request check how many seconds passed since that timestamp and decide session validity based on that. eg: session_start(); if ($_SESSION['last_action_timestamp'] - time() $max_lifetime) { // session expired } else { $_SESSION['last_action_timestamp'] = time(); } greets Zoltn Nmeth My environment: Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql 5.4.5 Best regards holo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions - Ini settings and timeout
Hi. Thank you very much Casey. I followed this suggestion as Zoltán also suggested and it's working nice. Best regards, holo Casey [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] You could set $_SESSION['lasttime'] to time() and check it on every page. On Oct 17, 2007, at 3:58 AM, Holografix [EMAIL PROTECTED] wrote: I have some questions about sessions timeout and sessions ini settings. In php.ini I have session.gc_maxlifetime = 30 (for testing purpose only) , session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch this values) I have two simple pages page1.php - session_start(); $_SESSION[test] = TEST; a href=page2.phptest timeout/a page2.php = session_start(); if (!isset($_SESSION[test]) ) { echo no session; die(); } print_r($_SESSION); I open page1.php in the browser and only click in the link after waiting more than 30 seconds (session.gc_maxlifetime). After this period what should happen with $_SESSION[test] in page2.php? In php, session.gc_maxlifetime: ; After this number of seconds, stored data will be seen as 'garbage' and ; cleaned up by the garbage collection process. I need to understand this and get a way to automaticly logout a user after n minutes of inactivity. My environment: Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql 5.4.5 Best regards holo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions - Ini settings and timeout
2007. 10. 17, szerda keltezéssel 11.58-kor Holografix ezt írta: I have some questions about sessions timeout and sessions ini settings. In php.ini I have session.gc_maxlifetime = 30 (for testing purpose only) , session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch this values) I have two simple pages page1.php - session_start(); $_SESSION[test] = TEST; a href=page2.phptest timeout/a page2.php = session_start(); if (!isset($_SESSION[test]) ) { echo no session; die(); } print_r($_SESSION); I open page1.php in the browser and only click in the link after waiting more than 30 seconds (session.gc_maxlifetime). After this period what should happen with $_SESSION[test] in page2.php? In php, session.gc_maxlifetime: ; After this number of seconds, stored data will be seen as 'garbage' and ; cleaned up by the garbage collection process. I need to understand this and get a way to automaticly logout a user after n minutes of inactivity. session.gc_maxlifetime is not what you are looking for. it works like at every request there is a 1/100 chance (session.gc_probability/session.gc_divisor) that the garbage collector will run. if it runs, and finds session data older than session.gc_maxlifetime, that is cleaned up. in order to achieve what you want you should store a 'last action' timestamp or something like that in the session, and upon each request check how many seconds passed since that timestamp and decide session validity based on that. eg: session_start(); if ($_SESSION['last_action_timestamp'] - time() $max_lifetime) { // session expired } else { $_SESSION['last_action_timestamp'] = time(); } greets Zoltán Németh My environment: Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql 5.4.5 Best regards holo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions - Ini settings and timeout
Many thanks Zoltán. It's clear now One more thing: session.cookie_lifetime defaults to 0 (until browser is closed). if setting session.cookie_lifetime to 60 can I look for $_SESSION[session_name()] in every request ? best regards holo Zoltán Németh [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] 2007. 10. 17, szerda keltezéssel 11.58-kor Holografix ezt írta: I have some questions about sessions timeout and sessions ini settings. In php.ini I have session.gc_maxlifetime = 30 (for testing purpose only) , session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch this values) I have two simple pages page1.php - session_start(); $_SESSION[test] = TEST; a href=page2.phptest timeout/a page2.php = session_start(); if (!isset($_SESSION[test]) ) { echo no session; die(); } print_r($_SESSION); I open page1.php in the browser and only click in the link after waiting more than 30 seconds (session.gc_maxlifetime). After this period what should happen with $_SESSION[test] in page2.php? In php, session.gc_maxlifetime: ; After this number of seconds, stored data will be seen as 'garbage' and ; cleaned up by the garbage collection process. I need to understand this and get a way to automaticly logout a user after n minutes of inactivity. session.gc_maxlifetime is not what you are looking for. it works like at every request there is a 1/100 chance (session.gc_probability/session.gc_divisor) that the garbage collector will run. if it runs, and finds session data older than session.gc_maxlifetime, that is cleaned up. in order to achieve what you want you should store a 'last action' timestamp or something like that in the session, and upon each request check how many seconds passed since that timestamp and decide session validity based on that. eg: session_start(); if ($_SESSION['last_action_timestamp'] - time() $max_lifetime) { // session expired } else { $_SESSION['last_action_timestamp'] = time(); } greets Zoltán Németh My environment: Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql 5.4.5 Best regards holo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions - Ini settings and timeout
You could set $_SESSION['lasttime'] to time() and check it on every page. On Oct 17, 2007, at 3:58 AM, Holografix [EMAIL PROTECTED] wrote: I have some questions about sessions timeout and sessions ini settings. In php.ini I have session.gc_maxlifetime = 30 (for testing purpose only) , session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch this values) I have two simple pages page1.php - session_start(); $_SESSION[test] = TEST; a href=page2.phptest timeout/a page2.php = session_start(); if (!isset($_SESSION[test]) ) { echo no session; die(); } print_r($_SESSION); I open page1.php in the browser and only click in the link after waiting more than 30 seconds (session.gc_maxlifetime). After this period what should happen with $_SESSION[test] in page2.php? In php, session.gc_maxlifetime: ; After this number of seconds, stored data will be seen as 'garbage' and ; cleaned up by the garbage collection process. I need to understand this and get a way to automaticly logout a user after n minutes of inactivity. My environment: Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql 5.4.5 Best regards holo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php