...

View Full Version : $_SESSION Validity



darksecu
11-14-2012, 01:02 PM
On My Site I Set User Name And Other User Information In $_SESSION..
I want to know if i can set validity of session, like session expire on browser restart is default, session close after 10 mins or 1 hour 10 days etc ?


i tried to save value in $_cookie and then parse it to $_session..
but members of my site were getting logged into my account [without doing anything], does cookie works same for every visitor on site ?


----------------------------
Code Was Like This


<?php
ob_start();
session_start();
$_SESSION[username]=$_COOKIE[username];

// Other Config/Main Setting File Content -- Attached to Every Page //

----------------------------

Basically my question is can i set $_SESSION for a time period or how to safely use cookies to store logged in user information (so dont get logged into my account)?

Custard7A
11-14-2012, 02:03 PM
$_SESSION uses cookies to store the data by default.

Using session_set_cookie_params(0) before session_start() will make your session cookies expire when the browser is closed. You can substitute the number with a higher one to reflect the expiration time in seconds(session_set_cookie_params(600) would be 10 minutes). As for users being logged into your account, that is probably an issue with your script logic. I can't see how that would happen with the information you've provided.

darksecu
11-15-2012, 04:18 AM
actually i want users to decide for how long they want to keep logged in...
can the time be set like this ?

session_set_cookie_params($_COOKIE[user_decided_time])

minder
11-15-2012, 04:44 AM
$_SESSION uses cookies to store the data by default.

Using session_set_cookie_params(0) before session_start() will make your session cookies expire when the browser is closed.

Are you sure??

I thought session variables, stored in $_SESSION, are stored on the actual web server and not on the user's local machine.

I think you are confused with the session cooike which identifies the actual user session. session_set_cookie_params aets the session cookie paramaters and not other cookies' parameters.

Custard7A
11-15-2012, 06:27 AM
Edit: I didn't read that last line properly. I don't actually know if session variables are stored on the server or not, I only meant it uses cookies to identify the session or for what-not. I believe setting the session cookies to expire would also be reflected on the entire session, at least, that's what I'm lead to believe.

minder
11-15-2012, 06:42 AM
I don't actually know if session variables are stored on the server or not,

I think you'll find that session variables (stored in the global $_SESSION array) are stored on the server and the session cookie to identify the session, if used, is stored on the user's local pc.

Custard7A
11-15-2012, 06:54 AM
Thanks Minder, maybe I will research it a bit more sometime.

@ darksecu: I assume that it would take variables, as long as you're passing it an integer.

darksecu
11-15-2012, 06:56 AM
Is it safe to re-customize my whole script and use $_COOKIE instead of using session ?

tangoforce
11-15-2012, 09:35 AM
I wouldn't do that no. You just need to set the lifetime of the session cookie.

darksecu
11-15-2012, 01:30 PM
I wouldn't do that no. You just need to set the lifetime of the session cookie.

I Tried to set session_set_cookie_params(20)
but many time i found it didn't work well..

but setcookie works well..



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum