[PHP] Please help on session_destroy error...
I'm looking for help trying to do away with an error I get from time to
time in my access control session logic. Here is my session setup from the
php.ini:
session.save_handler = files
session.save_path = /tmp
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain = gsfc.nasa.gov
session.cookie_secure = On
session.serialize_handler = php
session.gc_probability = 100
session.gc_maxlifetime = 1800
session.bug_compat_42 = 0
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 32
session.entropy_file = /dev/urandom
session.cache_limiter =
session.cache_expire = 180
session.use_trans_sid = 0
Now, to my understanding, with this setup, the session cookie should be
good for as long as the browser is open, the garbage collector will be run
on any session startup, and a session should be considered garbage after 3
hours. My problem is that these settings don't always seem to be followed.
Even after sitting for only 60 minutes sometimes, if I click on the logout
button in my interface (which executes the following code), I get a
session_destroy error, about it the session being called for destruction
not being found
if ((!empty($_GET['action'])) && ($_GET['action'] == "logout")) {
session_unset();
if (!empty($_SESSION['logged_in'])) {
session_destroy();
}
}
The only other code is simple HTML output. The session variable "logged_in"
is set upon successful login initially. My rationale for that variable is
that if the session file gets removed via the garbage collector, then that
check above should fail, and the session_destroy function won't be called.
But this doesn't seem to ever work. Is there anything I'm missing here? Any
help would be appreciated. This is all running on Apache 1.3.29, using
Redhat 8 with all current updates, and PHP 4.3.4.
Thanks in advance for any help you may have.
---
Tim
[EMAIL PROTECTED]
Re: [PHP] Please help on session_destroy error...
You problem is probably right here:
session.gc_maxlifetime = 1800
That sets the garbage collection timeout to 30 minutes...
Per the manual:
session.gc_maxlifetime specifies the number of seconds after which data
will be seen as 'garbage' and cleaned up.
It is not "strictly" followed, but PHP does it's best to destroy data
after that timeout elapses. This would explain why sometimes you can
last an hour without getting the error. If you want your timeout to be 3
hours, then I would set that value to something like 11,000 (which is
just a little over 3 hours).
-Jeremy
On Thu, 2004-01-01 at 19:30, Tim Meader wrote:
> I'm looking for help trying to do away with an error I get from time to
> time in my access control session logic. Here is my session setup from the
> php.ini:
>
> session.save_handler = files
> session.save_path = /tmp
> session.use_cookies = 1
> session.use_only_cookies = 1
> session.name = PHPSESSID
> session.auto_start = 0
> session.cookie_lifetime = 0
> session.cookie_path = /
> session.cookie_domain = gsfc.nasa.gov
> session.cookie_secure = On
> session.serialize_handler = php
> session.gc_probability = 100
> session.gc_maxlifetime = 1800
> session.bug_compat_42 = 0
> session.bug_compat_warn = 1
> session.referer_check =
> session.entropy_length = 32
> session.entropy_file = /dev/urandom
> session.cache_limiter =
> session.cache_expire = 180
> session.use_trans_sid = 0
>
> Now, to my understanding, with this setup, the session cookie should be
> good for as long as the browser is open, the garbage collector will be run
> on any session startup, and a session should be considered garbage after 3
> hours. My problem is that these settings don't always seem to be followed.
> Even after sitting for only 60 minutes sometimes, if I click on the logout
> button in my interface (which executes the following code), I get a
> session_destroy error, about it the session being called for destruction
> not being found
>
> if ((!empty($_GET['action'])) && ($_GET['action'] == "logout")) {
> session_unset();
> if (!empty($_SESSION['logged_in'])) {
> session_destroy();
> }
> }
>
> The only other code is simple HTML output. The session variable "logged_in"
> is set upon successful login initially. My rationale for that variable is
> that if the session file gets removed via the garbage collector, then that
> check above should fail, and the session_destroy function won't be called.
> But this doesn't seem to ever work. Is there anything I'm missing here? Any
> help would be appreciated. This is all running on Apache 1.3.29, using
> Redhat 8 with all current updates, and PHP 4.3.4.
>
> Thanks in advance for any help you may have.
>
>
>
>
> ---
> Tim Meader
> CNE ODIN Unix Group
> Lockheed Martin Information Technologies
> [EMAIL PROTECTED]
> (301) 286-8013
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Please help on session_destroy error...
I'm looking for help trying to do away with an error I get from time to
time in my access control session logic. Here is my session setup from the
php.ini:
session.save_handler = files
session.save_path = /tmp
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain = gsfc.nasa.gov
session.cookie_secure = On
session.serialize_handler = php
session.gc_probability = 100
session.gc_maxlifetime = 1800
session.bug_compat_42 = 0
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 32
session.entropy_file = /dev/urandom
session.cache_limiter =
session.cache_expire = 180
session.use_trans_sid = 0
Now, to my understanding, with this setup, the session cookie should be
good for as long as the browser is open, the garbage collector will be run
on any session startup, and a session should be considered garbage after 3
hours. My problem is that these settings don't always seem to be followed.
Even after sitting for only 60 minutes sometimes, if I click on the logout
button in my interface (which executes the following code), I get a
session_destroy error, about it the session being called for destruction
not being found
if ((!empty($_GET['action'])) && ($_GET['action'] == "logout")) {
session_unset();
if (!empty($_SESSION['logged_in'])) {
session_destroy();
}
}
The only other code is simple HTML output. The session variable "logged_in"
is set upon successful login initially. My rationale for that variable is
that if the session file gets removed via the garbage collector, then that
check above should fail, and the session_destroy function won't be called.
But this doesn't seem to ever work. Is there anything I'm missing here? Any
help would be appreciated. This is all running on Apache 1.3.29, using
Redhat 8 with all current updates, and PHP 4.3.4.
Thanks in advance for any help you may have.
---
Tim Meader
CNE ODIN Unix Group
Lockheed Martin Information Technologies
[EMAIL PROTECTED]
(301) 286-8013
[PHP] Please help on session_destroy error...
I'm looking for help trying to do away with an error I get from time to
time in my access control session logic. Here is my session setup from the
php.ini:
session.save_handler = files
session.save_path = /tmp
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain = gsfc.nasa.gov
session.cookie_secure = On
session.serialize_handler = php
session.gc_probability = 100
session.gc_maxlifetime = 1800
session.bug_compat_42 = 0
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 32
session.entropy_file = /dev/urandom
session.cache_limiter =
session.cache_expire = 180
session.use_trans_sid = 0
Now, to my understanding, with this setup, the session cookie should be
good for as long as the browser is open, the garbage collector will be run
on any session startup, and a session should be considered garbage after 3
hours. My problem is that these settings don't always seem to be followed.
Even after sitting for only 60 minutes sometimes, if I click on the logout
button in my interface (which executes the following code), I get a
session_destroy error, about it the session being called for destruction
not being found
if ((!empty($_GET['action'])) && ($_GET['action'] == "logout")) {
session_unset();
if (!empty($_SESSION['logged_in'])) {
session_destroy();
}
}
The only other code is simple HTML output. The session variable "logged_in"
is set upon successful login initially. My rationale for that variable is
that if the session file gets removed via the garbage collector, then that
check above should fail, and the session_destroy function won't be called.
But this doesn't seem to ever work. Is there anything I'm missing here? Any
help would be appreciated. This is all running on Apache 1.3.29, using
Redhat 8 with all current updates, and PHP 4.3.4.
Thanks in advance for any help you may have.
---
Tim Meader
CNE ODIN Unix Group
Lockheed Martin Information Technologies
[EMAIL PROTECTED]
(301) 286-8013
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
