Re: Re[2]: [PHP] How to handle so called expired sessions??
I've noticed this as well with the things I've been doing for sessions. They way I understand it is that the server side session storing values is supposed to expire after a certain lenght of time. I currently have this at default so I think it should expire after 24 mins. The cleanup is done within php itself so nothing is cleaned up until php is called again. Is this correct? If so, I have sessions located within my /tmp directory that are over 3 weeks old and have been there ever since they were first created. Ed On Wed, 4 Dec 2002, Tom Rogers wrote: Hi, Wednesday, December 4, 2002, 4:01:07 AM, you wrote: Ive just been getting myself deep into using sessions. Sessions are working as it should except for one condition. Say I log into the site, and the session is started, and I don't do anything for the next 30 mins, then go back to the site. Im temporarily logged out, but because the session cookie is still JWH good, the next page load logs me back in. How do the people who use sessions handle this type of scenario?? JWH Whether your logged back in or not is dependant on your program. Once JWH you are gone for over X minutes, your session file is deleted. So, even JWH though the cookie is still good, the session will not have any data. JWH What's usually done is to check for a certain session value, like JWH $_SESSION['logged_in'] and if it's present, then continue, otherwise JWH force the user to log back in again. JWH ---John Holmes... Not quite that simple as the cleanup proccess may not have run and the data is still sitting there, I use msession so I am not sure if the normal session stuff will return expired data after it expires and before it is deletedmsession does so I hacked it to cleanup if expired data is requested. -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re[2]: [PHP] How to handle so called expired sessions??
I have a similar problem only my sessions expire once you leave the site, even for a second. I'm not so experienced with cookies so how can I fix this? - Original Message - From: Tom Rogers [EMAIL PROTECTED] To: John W. Holmes [EMAIL PROTECTED] Cc: 'Gerard Samuel' [EMAIL PROTECTED]; 'php-gen' [EMAIL PROTECTED] Sent: Tuesday, December 03, 2002 9:52 PM Subject: Re[2]: [PHP] How to handle so called expired sessions?? Hi, Wednesday, December 4, 2002, 4:01:07 AM, you wrote: Ive just been getting myself deep into using sessions. Sessions are working as it should except for one condition. Say I log into the site, and the session is started, and I don't do anything for the next 30 mins, then go back to the site. Im temporarily logged out, but because the session cookie is still JWH good, the next page load logs me back in. How do the people who use sessions handle this type of scenario?? JWH Whether your logged back in or not is dependant on your program. Once JWH you are gone for over X minutes, your session file is deleted. So, even JWH though the cookie is still good, the session will not have any data. JWH What's usually done is to check for a certain session value, like JWH $_SESSION['logged_in'] and if it's present, then continue, otherwise JWH force the user to log back in again. JWH ---John Holmes... Not quite that simple as the cleanup proccess may not have run and the data is still sitting there, I use msession so I am not sure if the normal session stuff will return expired data after it expires and before it is deletedmsession does so I hacked it to cleanup if expired data is requested. -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: Re[2]: [PHP] How to handle so called expired sessions??
I've noticed this as well with the things I've been doing for sessions. They way I understand it is that the server side session storing values is supposed to expire after a certain lenght of time. I currently have this at default so I think it should expire after 24 mins. The cleanup is done within php itself so nothing is cleaned up until php is called again. Is this correct? If so, I have sessions located within my /tmp directory that are over 3 weeks old and have been there ever since they were first created. The default way sessions are set up is that there is a one percent chance that the cleanup process will be triggered on each request. Maybe you've just never hit that 1% ? ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: Re[2]: [PHP] How to handle so called expired sessions??
Wednesday, December 4, 2002, 4:01:07 AM, you wrote: Ive just been getting myself deep into using sessions. Sessions are working as it should except for one condition. Say I log into the site, and the session is started, and I don't do anything for the next 30 mins, then go back to the site. Im temporarily logged out, but because the session cookie is still JWH good, the next page load logs me back in. How do the people who use sessions handle this type of scenario?? JWH Whether your logged back in or not is dependant on your program. Once JWH you are gone for over X minutes, your session file is deleted. So, even JWH though the cookie is still good, the session will not have any data. JWH What's usually done is to check for a certain session value, like JWH $_SESSION['logged_in'] and if it's present, then continue, otherwise JWH force the user to log back in again. JWH ---John Holmes... Not quite that simple as the cleanup proccess may not have run and the data is still sitting there, I use msession so I am not sure if the normal session stuff will return expired data after it expires and before it is deletedmsession does so I hacked it to cleanup if expired data is requested. Okay, so what's your question? The cookie and data is still there, but it's expired? How? As far as I know it's not expired until it is deleted. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php