Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 14 of 14
  1. #1
    Regular Coder
    Join Date
    Aug 2002
    Location
    Oregon, United States of America
    Posts
    882
    Thanks
    1
    Thanked 9 Times in 9 Posts

    Session Timeout Problems [URGENT]

    I am having some issues and weird behavior with the sessions on my host's server.

    I am using the following to set the session timeout to 6 hours:
    PHP Code:
    ini_set('session.cookie_lifetime'21600);
    ini_set('session.gc_maxlifetime'21600); 
    Now, it is my understanding that the session will not timeout until you become inactive, at which point this 6 hour timer is started. Instead, it kills the session 6 hours after it is first created, which is not what I want. How can i make it act the way i expect it to?

    In addition to that, the session should end when the user closes their browser. Currently, it does not. It's like the session is based on IP or something, because opening and closeing the browser (and I mean browser, not browser tab) does not end the session.

    Can somsone help me figure out what the hell is going on, so that my application does not log my users out in mid data-entry?

    Thank you!
    If I'm postin here, I NEED YOUR HELP!!

  • #2
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,044
    Thanks
    2
    Thanked 316 Times in 308 Posts
    Is this on a shared host or a dedicated server?

    For your second question of ending the session when the browser is closed, leave/make the 'session.cookie_lifetime' setting zero.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • #3
    Regular Coder
    Join Date
    Aug 2002
    Location
    Oregon, United States of America
    Posts
    882
    Thanks
    1
    Thanked 9 Times in 9 Posts
    Shared. Knowing that that can cause problems, I did move the session files into a folder (below web root) that is in my account only. In attempt to avoid issues.
    If I'm postin here, I NEED YOUR HELP!!

  • #4
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,044
    Thanks
    2
    Thanked 316 Times in 308 Posts
    "Active" to a web server means a http request. If someone requests a form, that form is sent to the browser. That is the end of the "activity" and the session data file carries the time when the session data was written to it when the php script on your form page terminated. If a visitor is taking a long time to fill in a form, the server does not know that.

    Changing the 'session.gc_maxlifetime' should prevent the session data files from being deleted, however, where and how have you changed the session.save_path and session.gc_maxlifetime settings. They need to be set before every session_start() statement. Setting them in a .htaccess file or a local php.ini file would insure they always get set.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • #5
    Regular Coder
    Join Date
    Aug 2002
    Location
    Oregon, United States of America
    Posts
    882
    Thanks
    1
    Thanked 9 Times in 9 Posts
    This code is part of a file that is called on EVERY page. The file sets constants, includes some general functions, and sets the session data:

    PHP Code:
    ini_set('session.save_path''/home/user/path');
    ini_set('session.cookie_lifetime'21600);
    ini_set('session.gc_maxlifetime'21600);
    session_start(); 
    Thanks for the input about 'active'. I am aware, and I do mean 'active'. The Application uses a large amount of AJAX. There is actually very little typing, it is mostly all made up with searching the database, and using AJAX to make changes in the session (where all of the data about the 'form' is held until its ready to be saved.)

    So on average, I would say that each user is making a call to the system about 8-12 times a minute. Because of that, it makes no sense that the session would suddenly go "Okay, I've been around for 6 hours, I'm outta here!"

    As I said, the program holds all of the form data in the session. There can sometimes be hours of work held in session variables. So as you can understand, it is URGENT that I stop the session from suddenly disappearing.
    If I'm postin here, I NEED YOUR HELP!!

  • #6
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,044
    Thanks
    2
    Thanked 316 Times in 308 Posts
    There are three possible things going on - 1) The session data files are getting deleted, 2) A new session is getting started because of a change in the host or path portion of the url results in no match with the previous session, or 3) a problem in the code is deleting the session variables/data file.

    For #1, have you checked if session data files are actually present in the folder? Are there any present with file data/times that are older than 6 hours?
    Either use the session_get_cookie_params() function or a phpinfo() statement (after your ini_set... session_start()) to see what the settings actually are.

    For #2 and #3, what are the actual symptoms? Is data just missing or are they getting logged out?
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • #7
    Regular Coder
    Join Date
    Aug 2002
    Location
    Oregon, United States of America
    Posts
    882
    Thanks
    1
    Thanked 9 Times in 9 Posts
    Total session loss. All data that they had is gone, and a new session is started, as soon as they try to load any page. If they load a page, my code redirects them to a login page, if they run AJAX, nothing happens, because it has no session data to work with.

    Yes, there are files in the session folder, and there are only recent sessions in the folder (less than 6 hours old)
    If I'm postin here, I NEED YOUR HELP!!

  • #8
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,044
    Thanks
    2
    Thanked 316 Times in 308 Posts
    Seeing your code would be the next step in finding or duplicating the problem.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • #9
    Regular Coder
    Join Date
    Aug 2002
    Location
    Oregon, United States of America
    Posts
    882
    Thanks
    1
    Thanked 9 Times in 9 Posts
    I have posted my code twice above.
    The problem occurs regardless of what script is running on what page. It is a site wide problem.
    If I'm postin here, I NEED YOUR HELP!!

  • #10
    Regular Coder
    Join Date
    Aug 2002
    Location
    Oregon, United States of America
    Posts
    882
    Thanks
    1
    Thanked 9 Times in 9 Posts
    Anyone?

    This is becoming a major problem for my clients.
    If I'm postin here, I NEED YOUR HELP!!

  • #11
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Did you run phpinfo() after you used ini_set() to check and see if the changes are even being made?

    Have you tried using htaccess to change them?
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #12
    Regular Coder
    Join Date
    Aug 2002
    Location
    Oregon, United States of America
    Posts
    882
    Thanks
    1
    Thanked 9 Times in 9 Posts
    Yes I did, thank your for the suggestion. It is being changed. Both settings appear in the PHP INFO table.

    I don't think its a problem of setting the values, I think its an issues with how the sessions are acting. Am I right in my understanding that the inactivity timer should restart every time you make a request from the server? Because right now its 6 hours from creation, and it not being restarted when you make a call to the server.

    Thanks!
    If I'm postin here, I NEED YOUR HELP!!

  • #13
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,044
    Thanks
    2
    Thanked 316 Times in 308 Posts
    What you are stating you are doing works (unless you are on some combination of operating system, web server, php version where the file creation time is being used by garbage collection instead of the file modification time) or if your code is not really doing what you state.

    I suspect that your ajax javascript is either not really making a request to the web server or that the .php code page that is requested by the ajax is operating on a different session than the one that is created by the main .php page.

    I tested using ini_set() statements like you are using (ini_set statements have been known to change the displayed values but not actually change values that php uses, especially on Windows) and my generic ajax/php code works as expected, keeping the file modification time current with each ajax request so that the garbage collection does not delete the file.

    So, something specific with your server is not working concerning the file creation/modification date or your code is not doing what you think (and posting it would be the only way anyone would be able to help, as was previously suggested.)
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • #14
    Regular Coder
    Join Date
    Aug 2002
    Location
    Oregon, United States of America
    Posts
    882
    Thanks
    1
    Thanked 9 Times in 9 Posts
    The AJAX pages have to be making a request to the server. Otherwise search data, results, and any changes to the session would not be happening. It wold be very obvious if the AJAX were failing or caching, it is not.

    The session is the same as the login session, otherwise the code would detect that the user is not logged in and error. That and a simple var_dump on the session shows that the original login data and the data that all of the AJAX scripts enter are in fact together. Note: It is not only AJAX that is making requests to the server. About every 30 min a group of 10 or more standard HTTP requests are made.

    This is not an issue of the AJAX not working, or the HTTP requests that should keep the server alive working. It is not an issue of the 6 hour limit being imposed. It is an issue of how the 6 hours limit is working. It should be 6 hours from last HTTP request, not 6 hours from creation, which it is now.

    I think what I should be asking is, what do I suggest to my Host in the way of correcting the problem?
    If I'm postin here, I NEED YOUR HELP!!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •