Session expires after 30 minutes

[rob51383]

I have browsed around the forums and found quite a few people asking the same question with the same problem I have (just time differences) but no answer.

My problem is the session is expiering after 30 minutes of inactivity. After reading a few other post I have come to the conclusion that the time a session expires is determined by the PHP settings which I do not think I have access to because I am on a shared webhost provider (Maybe I can access them but how?).

I saw about 5 post where $_SESSION() is explained but nowhere on how to prevent the session from expiring.

How do I make it so the session will ONLY expire when the browser is closed or expire after a specified time? I am trying to avoid cookies on the client side.

I am using PHP 4.2

Here is the code I am using to test the sessions, I documented it so others just looking to setup a session can use it:

<?php

session_start(); // Start the session

// The below if statement checks if the variable 'count' is "registered" so it knows
// if it needs to continue or open a new session.

if (!session_is_registered('count'))
        { // If there is no current session

        session_register('count');  // register the variable 'count' as a global session value
        session_register('sid');    // register the variable 'sid' as a global session value 
        $sid = session_id();        // make the global variable $sid = the current session ID
        $count = 1;                 // Make the global variable $count = 1

	}
else
	{ // if the session allready exist
	$count++;                   // incriment $count + 1
	}

// print some HTML
print <<<this
<p>Hello visitor, you have seen this page $count times.</p>

<p>To continue, <a href="_test.php?sid=$sid">click here</a>.</p> 
this;

?>

 

[sleipnir214]

I don't understand what you mean when you say, "I am trying to avoid cookies on the client side." PHP, by default, uses a cookie on the client to store the session index.

All of the php.ini settings which control session life in PHP are of the type "PHP_INI_ALL", which means they can be set using ini)set() (see

http://www.php.net/manual/en/ref.session.php

and

http://www.php.net/manual/en/function.ini-set.php).

See faq434-4908 for a discussion of what PHP's session setting do.

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[rob51383]

What kind of cookies does PHP use for $_SESSION? When I create a traditional cookie with PHP is is placed into my cookie folder. When I disable cookies in my browser the cookie does not get created as expected.

Now when I use sessions and I have cookies disabled everything works fine, except that they expire after 30 minutes. Even when I have cookies enabled $_SESSION does not create a cookie. This leads me the believe the "cookie" you are saying is used in sessions is not a client side cookie, or at least a traditional cookie located in the browser cookie folder.

I have read all of your material numerous times (Including the FAQ) and combed php.net for the past 2 days looking for the solution before even posting this. Your FAQ is great at explaining what happens when a session is opened but it does nothing to solve my problem.

After reading your post I figured I would try something else I found and that is to add:
session_set_cookie_params ( '1', '/' , '.domain.com' , '0');

but the cookie does not expire after '1' minute. It has not been 30 yet, but I bet that it will expire then still.


Is there any code or function or anything the establishes a time for the session to expire!?

 

[sleipnir214]

or at least a traditional cookie located in the browser cookie folder.

Is there any other kind of cookie in the web world?

I don't know what your environment is. But by default, when PHP session variables are in use, PHP sets a single cookie with the value of the user's unique session ID. Is your installation instead sending the session ID back and forth vie the URL?


There is no code for making a session expire automatically after a certain period of time. By default, if you set session.gc_probability to the same value as session.gc_divisor (which makes garbage-collection happen every time session_start() is executed), and set session.gc_maxlifetime to 30, then when a session gets to be more than 30 seconds old, 100% of the time, PHP's garbage-collection system will remove the session store.

You might also try playing with session.cookie_lifetime, but you claim to be not using cookies.

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[rob51383]

The session values are not being sent by the URL and no cookie is created on the client side.

Try it out, clear your cookies and copy the code I posted at the top. Then run the script and you will see that no cookie will be created. You can even take the "?sid=$sid" var off the URL and just continue to call "_test.php".

I am using PHP 4 on a UNIX server (Paid web hosting)
My browser is IE 6

I am starting to think about just making the shopping cart with mysql... Do you know of any unique variables I can get from the client side to use as an ID? Off the top of my head I am thinking IP address but is that a guaranteed variable to get?

 

[sleipnir214]

In order for a session variable to be available to PHP, three things must exist. PHP must have a session ID (handed to it by the client's browser), PHP must be able to find a session store that matches that session ID, and the serialized version of the variable must appear in the session store.

You can, with session IDs stored in cookies, set an expiry on the cookie, which causes the browser to not set the ID. Without a session ID to match to a session store, PHP cannot instantiate the session variable in future script runs.

You can have PHP automatically delete the session store on the server. Even if the ID is sent by the browser, there is no matching session store.

You can unset the session variable in an earlier script run.

Want the best answers? Ask the best questions!

TANSTAAFL!!