session not timing out

Forum Moderators: coopster

Message Too Old, No Replies

session not timing out

php_value session.gc_maxlifetime 300 doesn't work

zeeshan_kh

4:36 pm on Jan 19, 2006 (gmt 0)

hey,

my server just doesn't seem to be timing a session out. If i leave my window on the session just stays alive.

I have tried placing these two lines in my .htaccess.

php_value session.gc_maxlifetime 300
php_value session.cookie_lifetime 300

with these lines in .htaccess session should timeout after 5 minutes but after placing these lines session doesn't even start...

Am i doing something wrong here..?

Thanks

PS I tried phpinfo() after putting these lines in .htaccess and the changes are reflecting.

coopster

7:27 pm on Jan 19, 2006 (gmt 0)

You need to understand sessions a bit more. Read through the PHP Session Handling Functions [php.net] pages and pay particularly close attention to the "garbage collection" directives. Also, there are a couple of threads here at WebmasterWorld that have some in depth discussion regarding sessions that may prove useful. Links to some are in this informative discussion:

Session is timing out - how do I increase cookie time? [webmasterworld.com]

zeeshan_kh

9:22 am on Jan 20, 2006 (gmt 0)

thanks man....i'll have a look

zeeshan_kh

11:57 am on Jan 23, 2006 (gmt 0)

hey coopster,

I have read the threads u mentioned but my problem is still there. I know the threads you mentioned say that if the site is on a shared server then i need to change the cookie path as well but i'm doing it on my own server.

Actually, now i'm changing the session.gc_maxlifetime and session.cookie_lifetime values directly in my php.ini but whenever i change "session.cookie_lifetime" to anything else then '0', my server stops registering session variables.

any idea why that is..?

Thanks for ur help

coopster

3:31 pm on Jan 23, 2006 (gmt 0)

You are telling the browser how long (in seconds) to keep the cookie (session). So if you gave it a value of 300 the browser will keep the session for 5 minutes. Once the expiration time has been reached, the cookie will no longer be stored or given out.

zeeshan_kh

3:51 pm on Jan 23, 2006 (gmt 0)

yea thats what i think should happen as well but actually the session refuses to start and register any variable and i've got no idea why setting a cookie time should effect session variable registration

coopster

4:13 pm on Jan 23, 2006 (gmt 0)

It may be that your browser is caching. Have you tried clearing the cache?

On a side note, I tend to leave the setting at 0 which equates to "when the user closes the browser" and manage session timeouts on the server instead. Session garbage collection happens by looking at 3 directives -- the gc (garbage collection) probability, the gc divisor, and the maxlifetime:

session.gc_probability 
session.gc_divisor 
session.gc_maxlifetime

You should be able to rely on these exclusively but if you want you can always store the timestamp in a session variable and compare that to your timeout value and handle accordingly.

zeeshan_kh

4:32 pm on Jan 23, 2006 (gmt 0)

i have just noticed something...if i change cookie_lifetime to anything else then 0, then on refreshing the page php creates a new session_id everytime. which means it does store the information but the session get expired straightaway and a new session_id gets assigned to the browser.

I have not touched session.gc_probability and session.gc_divisor values, they are still set to default which i think is 1000 and 1.