[greenfloyd]

Hi all,

Is there a way to change default session time from a php script? I've tried most of the php manual examples but nothings seems to work.

Here's what I run now, at the very beginning of the script:

Code:

	session_start();
	session_destroy();
	session_start();
	session_regenerate_id();
	ini_set("session.gc_maxlifetime", 18000);
	$session_life = ini_get("session.gc_maxlifetime");

When I quiry session.gc_maxlifetime it reads the new value, however, the sesssion still expires after 24 minutes (the php default).

TIA

[FnCool]

after some googling, i came up with a couple links that might help, but i'm no expert...

http://us2.php.net/manual/en/ref.session.php
http://www.tek-tips.com/viewthread.c...1143693&page=1
http://robrosenbaum.com/php/howto-di...ut-in-symfony/

[greenfloyd]

Dear FnCool,
Thanks for the refs. After going back over the php manual, for the upteenth time, I have figured out how to keep sessions alive longer. Now if I can just figure out how to get rid of them...

I'll keep trying. If and when I get it I'll post the code.

Thanks again for your help...

[greenfloyd]

Hi all,
While I'm still testing this configuration, so far it seems to be working:

The Roller~Poster application has a Reader page, a Private page and a Signout page.

The Reader is the primary interface. Here's the code for session control:

Code:

<?php
	session_save_path("/home/a7440484/public_html/tmp");
	ini_set("session.gc_maxlifetime", 3600);
	ini_set("session.gc_probability", 100);
	session_start();
	$session_life = ini_get("session.gc_maxlifetime");
	$session_path = session_save_path();

This code:

• Sets a \tmp directory for holding session files.
• Sets the session life to one hour.
• Set the probability of clean-up of old session files to 100% each time a session is started.
• Starts the session.
• Loads a varible to the same value as session life.
• Loads a varible to the same value as my session directory.

The Private page handles all form and db i/o, sign in and posting:

Code:

<?php
	session_save_path("/home/a7440484/public_html/tmp");
	ini_set("session.gc_maxlifetime", 3600);
	ini_set("session.gc_probability", 100);
	ini_set('session.referer_check', 'http://greenfloyd.site90.com/_roller.reader.php');
	session_start();
	session_destroy();
	session_start();
	session_regenerate_id();
	$session_life = ini_get("session.gc_maxlifetime");
	$session_path = session_save_path();

As you can see the first 3 lines are the same as the Reader page. It is important to repeat the same code accross any application's pages that modify the defaults. If a page does include the same code, then values not specified are reset to defaults.

Code:

	ini_set('session.referer_check', 'http://greenfloyd.site90.com/_roller.reader.php');

This will create an invalid session and clear all session data if a user tries to access Private from any other url than the one in this command. The only valid way to get to Private is from the Reader.

Code:

	session_start();
	session_destroy();
	session_start();
	session_regenerate_id();

This is striaght forward, start then destroy than start again Anyway it seems to work. I generate a new id because I use it to create a permanent tracking id and as a table name for user accounts.


The SignOut page clears session data:

Code:

<?php
	session_save_path("/home/a7440484/public_html/tmp");
	ini_set("session.gc_probability", 100);
	session_start();
	session_unset();
	session_destroy();
	$_SESSION = array();

I tried to delete session files but it didn't work. So the next best thing, I figured, is removing all the elements from the session array (the last line). Also note the absense of the session life time command. I figured resetting that value to default on signout made sense so the gc would clean up sooner rather than later.

Please bear in mind this set up has NOT been tested under any significant load.

Cheers.