Re: [PHP] Sessions - Ini settings and timeout
2007. 10. 17, szerda keltezéssel 15.10-kor Holografix ezt írta:
Many thanks Zoltn.
It's clear now
One more thing: session.cookie_lifetime defaults to 0 (until browser is
closed).
if setting session.cookie_lifetime to 60 can I look for
$_SESSION[session_name()] in every request ?
why $_SESSION[session_name()]?
I never bother with session_name and stuff like that, just put whatever
I want to store in $_SESSION and voila it's there :)
about session.cookie_lifetime: if the cookie expires on the client
computer, the browser would not send it, so the server side would not
receive the session ID, so the session data would be lost. that's good
in some cases, but if you leave cookie_lifetime at its default, cookies
expire when the browser is closed. that, combined with a lasttime value
stored in the session, should be enough.
greets
Zoltán Németh
best regards
holo
Zoltn Nmeth [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
2007. 10. 17, szerda keltezssel 11.58-kor Holografix ezt rta:
I have some questions about sessions timeout and sessions ini settings.
In php.ini I have session.gc_maxlifetime = 30 (for testing purpose only)
,
session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch
this
values)
I have two simple pages
page1.php
-
session_start();
$_SESSION[test] = TEST;
a href=page2.phptest timeout/a
page2.php
=
session_start();
if (!isset($_SESSION[test]) ) {
echo no session; die();
}
print_r($_SESSION);
I open page1.php in the browser and only click in the link after waiting
more than 30 seconds (session.gc_maxlifetime).
After this period what should happen with $_SESSION[test] in page2.php?
In php, session.gc_maxlifetime: ; After this number of seconds, stored
data
will be seen as 'garbage' and
; cleaned up by the garbage collection process.
I need to understand this and get a way to automaticly logout a user
after n
minutes of inactivity.
session.gc_maxlifetime is not what you are looking for. it works like at
every request there is a 1/100 chance
(session.gc_probability/session.gc_divisor) that the garbage collector
will run. if it runs, and finds session data older than
session.gc_maxlifetime, that is cleaned up.
in order to achieve what you want you should store a 'last action'
timestamp or something like that in the session, and upon each request
check how many seconds passed since that timestamp and decide session
validity based on that. eg:
session_start();
if ($_SESSION['last_action_timestamp'] - time() $max_lifetime)
{
// session expired
}
else
{
$_SESSION['last_action_timestamp'] = time();
}
greets
Zoltn Nmeth
My environment:
Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql 5.4.5
Best regards
holo
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions - Ini settings and timeout
Many thanks again Zoltán.
It's working nice now.
Best regards
holo
Zoltán Németh [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
2007. 10. 17, szerda keltezéssel 15.10-kor Holografix ezt írta:
Many thanks Zoltn.
It's clear now
One more thing: session.cookie_lifetime defaults to 0 (until browser is
closed).
if setting session.cookie_lifetime to 60 can I look for
$_SESSION[session_name()] in every request ?
why $_SESSION[session_name()]?
I never bother with session_name and stuff like that, just put whatever
I want to store in $_SESSION and voila it's there :)
about session.cookie_lifetime: if the cookie expires on the client
computer, the browser would not send it, so the server side would not
receive the session ID, so the session data would be lost. that's good
in some cases, but if you leave cookie_lifetime at its default, cookies
expire when the browser is closed. that, combined with a lasttime value
stored in the session, should be enough.
greets
Zoltán Németh
best regards
holo
Zoltn Nmeth [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
2007. 10. 17, szerda keltezssel 11.58-kor Holografix ezt rta:
I have some questions about sessions timeout and sessions ini
settings.
In php.ini I have session.gc_maxlifetime = 30 (for testing purpose
only)
,
session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch
this
values)
I have two simple pages
page1.php
-
session_start();
$_SESSION[test] = TEST;
a href=page2.phptest timeout/a
page2.php
=
session_start();
if (!isset($_SESSION[test]) ) {
echo no session; die();
}
print_r($_SESSION);
I open page1.php in the browser and only click in the link after
waiting
more than 30 seconds (session.gc_maxlifetime).
After this period what should happen with $_SESSION[test] in
page2.php?
In php, session.gc_maxlifetime: ; After this number of seconds, stored
data
will be seen as 'garbage' and
; cleaned up by the garbage collection process.
I need to understand this and get a way to automaticly logout a user
after n
minutes of inactivity.
session.gc_maxlifetime is not what you are looking for. it works like
at
every request there is a 1/100 chance
(session.gc_probability/session.gc_divisor) that the garbage collector
will run. if it runs, and finds session data older than
session.gc_maxlifetime, that is cleaned up.
in order to achieve what you want you should store a 'last action'
timestamp or something like that in the session, and upon each request
check how many seconds passed since that timestamp and decide session
validity based on that. eg:
session_start();
if ($_SESSION['last_action_timestamp'] - time() $max_lifetime)
{
// session expired
}
else
{
$_SESSION['last_action_timestamp'] = time();
}
greets
Zoltn Nmeth
My environment:
Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql
5.4.5
Best regards
holo
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions - Ini settings and timeout
Hi.
Thank you very much Casey. I followed this suggestion as Zoltán also
suggested and it's working nice.
Best regards,
holo
Casey [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
You could set $_SESSION['lasttime'] to time() and check it on every page.
On Oct 17, 2007, at 3:58 AM, Holografix [EMAIL PROTECTED] wrote:
I have some questions about sessions timeout and sessions ini settings.
In php.ini I have session.gc_maxlifetime = 30 (for testing purpose only)
,
session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch
this
values)
I have two simple pages
page1.php
-
session_start();
$_SESSION[test] = TEST;
a href=page2.phptest timeout/a
page2.php
=
session_start();
if (!isset($_SESSION[test]) ) {
echo no session; die();
}
print_r($_SESSION);
I open page1.php in the browser and only click in the link after waiting
more than 30 seconds (session.gc_maxlifetime).
After this period what should happen with $_SESSION[test] in
page2.php?
In php, session.gc_maxlifetime: ; After this number of seconds, stored
data
will be seen as 'garbage' and
; cleaned up by the garbage collection process.
I need to understand this and get a way to automaticly logout a user
after n
minutes of inactivity.
My environment:
Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql
5.4.5
Best regards
holo
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions - Ini settings and timeout
2007. 10. 17, szerda keltezéssel 11.58-kor Holografix ezt írta:
I have some questions about sessions timeout and sessions ini settings.
In php.ini I have session.gc_maxlifetime = 30 (for testing purpose only) ,
session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch this
values)
I have two simple pages
page1.php
-
session_start();
$_SESSION[test] = TEST;
a href=page2.phptest timeout/a
page2.php
=
session_start();
if (!isset($_SESSION[test]) ) {
echo no session; die();
}
print_r($_SESSION);
I open page1.php in the browser and only click in the link after waiting
more than 30 seconds (session.gc_maxlifetime).
After this period what should happen with $_SESSION[test] in page2.php?
In php, session.gc_maxlifetime: ; After this number of seconds, stored data
will be seen as 'garbage' and
; cleaned up by the garbage collection process.
I need to understand this and get a way to automaticly logout a user after n
minutes of inactivity.
session.gc_maxlifetime is not what you are looking for. it works like at
every request there is a 1/100 chance
(session.gc_probability/session.gc_divisor) that the garbage collector
will run. if it runs, and finds session data older than
session.gc_maxlifetime, that is cleaned up.
in order to achieve what you want you should store a 'last action'
timestamp or something like that in the session, and upon each request
check how many seconds passed since that timestamp and decide session
validity based on that. eg:
session_start();
if ($_SESSION['last_action_timestamp'] - time() $max_lifetime)
{
// session expired
}
else
{
$_SESSION['last_action_timestamp'] = time();
}
greets
Zoltán Németh
My environment:
Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql 5.4.5
Best regards
holo
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions - Ini settings and timeout
Many thanks Zoltán.
It's clear now
One more thing: session.cookie_lifetime defaults to 0 (until browser is
closed).
if setting session.cookie_lifetime to 60 can I look for
$_SESSION[session_name()] in every request ?
best regards
holo
Zoltán Németh [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
2007. 10. 17, szerda keltezéssel 11.58-kor Holografix ezt írta:
I have some questions about sessions timeout and sessions ini settings.
In php.ini I have session.gc_maxlifetime = 30 (for testing purpose only)
,
session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch
this
values)
I have two simple pages
page1.php
-
session_start();
$_SESSION[test] = TEST;
a href=page2.phptest timeout/a
page2.php
=
session_start();
if (!isset($_SESSION[test]) ) {
echo no session; die();
}
print_r($_SESSION);
I open page1.php in the browser and only click in the link after waiting
more than 30 seconds (session.gc_maxlifetime).
After this period what should happen with $_SESSION[test] in page2.php?
In php, session.gc_maxlifetime: ; After this number of seconds, stored
data
will be seen as 'garbage' and
; cleaned up by the garbage collection process.
I need to understand this and get a way to automaticly logout a user
after n
minutes of inactivity.
session.gc_maxlifetime is not what you are looking for. it works like at
every request there is a 1/100 chance
(session.gc_probability/session.gc_divisor) that the garbage collector
will run. if it runs, and finds session data older than
session.gc_maxlifetime, that is cleaned up.
in order to achieve what you want you should store a 'last action'
timestamp or something like that in the session, and upon each request
check how many seconds passed since that timestamp and decide session
validity based on that. eg:
session_start();
if ($_SESSION['last_action_timestamp'] - time() $max_lifetime)
{
// session expired
}
else
{
$_SESSION['last_action_timestamp'] = time();
}
greets
Zoltán Németh
My environment:
Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql 5.4.5
Best regards
holo
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions - Ini settings and timeout
You could set $_SESSION['lasttime'] to time() and check it on every
page.
On Oct 17, 2007, at 3:58 AM, Holografix [EMAIL PROTECTED] wrote:
I have some questions about sessions timeout and sessions ini
settings.
In php.ini I have session.gc_maxlifetime = 30 (for testing purpose
only) ,
session.gc_probability = 1 and session.gc_divisor = 100 (didn't
touch this
values)
I have two simple pages
page1.php
-
session_start();
$_SESSION[test] = TEST;
a href=page2.phptest timeout/a
page2.php
=
session_start();
if (!isset($_SESSION[test]) ) {
echo no session; die();
}
print_r($_SESSION);
I open page1.php in the browser and only click in the link after
waiting
more than 30 seconds (session.gc_maxlifetime).
After this period what should happen with $_SESSION[test] in
page2.php?
In php, session.gc_maxlifetime: ; After this number of seconds,
stored data
will be seen as 'garbage' and
; cleaned up by the garbage collection process.
I need to understand this and get a way to automaticly logout a user
after n
minutes of inactivity.
My environment:
Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql
5.4.5
Best regards
holo
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
