Has anyone ever used the in-built session stuff in PHP to manage sessions? I've only used it briefly in the past but decided to use it on www.ausimages.com so I didn't have to re-invent the wheel. I'm having problems with the session timeout though - it seems to die after a couple of hours, requiring a re-login.

I'm doing:

$expiretime = (60*60*24*7);

session_set_cookie_params($expiretime, "/", ".ausimages.com");

... at the start of each page. The PHP documentation and comments on the session_set_cookie_params manual page seems to be a bit disputed when it comes to how you actually set the $expiretime - ie, whether or not it is "seconds from now that the cookie will expire", or if it should be an absolute time (ie, time()+(60*60*24*7). I've tried both, with the same results.

Can't say that I had that problem when I used the PHP Session. I'd check in your PHP.ini for this:

From: http://au2.php.net/session

session.gc_maxlifetime integer

session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up.

Note: If you are using the default file-based session handler, your filesystem must keep track of access times (atime). Windows FAT does not so you will have to come up with another way to handle garbage collecting your session if you are stuck with a FAT filesystem or any other fs where atime tracking is not available. Since PHP 4.2.3 it has used mtime (modified date) instead of atime. So, you won't have problems with filesystems where atime tracking is not available.

Might be the cause of your problem.

Its set to 1440 (seconds - 24 minutes) - my sessions are lasting longer than that. I'll try upping it anyway and see what happens.

Strange. I'm gonna take another stab in the dark and ask have tried it with different browsers? Cookie/Session can be such a pain :(.

Also found this other function to try:

http://www.php.net/manual/sv/function.session-cache-expire.php

session_cache_expire() returns the current setting of session.cache_expire. The value returned should be read in minutes, defaults to 180. If new_cache_expire is given, the current cache expire is replaced with new_cache_expire .

The cache expire is reset to the default value of 180 stored in session.cache_limiter at request startup time. Thus, you need to call session_cache_expire() for every request (and before session_start() is called).

Yeh, looked at that as well, but that seems more for caching issues than anything else.

I've tried w/ both IE and Firefox, same on both.

I used to use sessions all the time with PHP. I find that they usually stay active for as long as the current browser window is open. From memory it stores all the data by default in a temporary dir ( /tmp or wherever ) and then use some sort of identifier to work out which session belongs to which session file, usually the session_id. For it to do sessions based on cookies I think you need to specify somewhere where you open the session.

To use sessions I usually use a single hash style array so all I need at the start of each php file ( or in a global include file ) is :

session_register("SESSION");
$SESSION = array();

then I can use $SESSION like a normal array / variable which is automaticall carried between pages during a session.

if ( !isset($SESSION[LoggedOn]) ) {
if (! isset($PHP_AUTH_USER) ) {
Header("WWW-Authenticate: Basic realm=\"REALM\"");
Header("HTTP/1.0 401 Unauthorized");
echo "Access Denied...\n";
exit;
} elseif ( $PHP_AUTH_USER == $username_from_db && $PHP_AUTH_PW == $password_from_db ) {
$SESSION[LoggedOn] = 1;
} else {
$SESSION[LoggedOn] = 0;
}

last edited by stinky at 11:36:33 15/Feb/05

last edited by stinky at 11:36:39 15/Feb/05

The default behaviour of sessions is to terminate when the browser is closed. If you use session_set_cookie_params(), you can override this behaviour. Its certainly working to some extent - the sessions are persistent across browser close, but they don't last as long as they should, according to what I'm setting the expiry value to.

Ahhh yeah gotcha. Didn't read/realise you were trying to keep session after closing browser. Never needed to do that, so no experience with it. GOOD LUCK!

btw, check to see how phpbb etc do it, might help you out.

Trog, maybe you should write your own session handling system and steer away from PHP’s internal one. That way you could create something that’s data base driven, and then do session garbage collection (expiring sessions) in your own way.

http://au2.php.net/manual/en/function.session-set-save-handler.php

But I don't WANT to!

TOO BAD!

I guess the one thing to remember, is the cookie that the client gets is seperate from the session data stored on the server. Even if you set the cookies expiry, you still have to prevent php from cleaning up the old session data tempoary files.

Edit: If I were making a something that used sessions that needed to store data for a reasonably long time, I would probably incorporate the archival of current session data into a separate location (be it a database table) into the garbage collection routine (based on a "keep me logged in" flag), and create a cookie that stored some form of "auto login" information, be it a hash created when the original session ID was created to retrieve data when the user returns to the site.

last edited by scuzzy at 13:56:18 15/Feb/05

shut up trog and get back to work, sheesh

Yeah someone in the office has to work now that they are all professional MMOG players

shut up obes and get back to buying a 4wd, sheesh

Trog if you are looking for a solution for the session problem that involves database use, I recommend looking at a book called "PHP Cookbook". With the small amount of PHP code that I did write I found it really useful because it gives you code and solutions for various PHP problems. I'm pretty sure there was a chapter on session management (using mySQL). It's a really handy book.

We actually already have a session management system that uses databases, but I wanted to use the inbuilt PHP one.

In any case!!!!! session.gc_maxlifetime seems to have fixed my problem. Changed it yesterday to several days and I'm still logged in this morning. Thanks Opec!

I won this thread. Where's my cookies (hehe)

Now a half nice design wouldn't go astray, or am i asking too much =P