setting session timeout through .htaccess

Re: setting session timeout through .htaccess

On Sat, 12 Nov 2005 12:07:27 +0100, somaboy mx <nosuch@fakemai l.fk>
wrote:
[color=blue]
>Hello
>
>I need people to be able to complete long text blocks in my cms before
>their session times out. From the php documentation I gather that ini
>directive session.gc_maxl ifetime would be the one to adjust here.
>
>I am on shared hosting, so I can't change the php_ini settings directly.
>If I use ini_set, should I do that on every page in my cms, or would it
>suffice to do it on the login page? Or could I do it in a .htaccess file
>(which my host permits)?[/color]

Not sure what a cms is but, If I understand you correctly you are
asking people to type in a lot of text on-line?

This is not good practice generally since there may be some other
break in connection and they will lose their work.

Could you not encourage them to use a text editor or WP and then cut &
paste their text in (just as I have done with this message).

Sorry if I have missed the point of this and got it wrong.

--
John

Re: setting session timeout through .htaccess

John wrote:
[color=blue]
> Could you not encourage them to use a text editor or WP and then cut &
> paste their text in (just as I have done with this message).[/color]

I do. But the reality is that sometimes people get up and go make some
coffee, or go to the john or whatever while they're in the middle of
something. By the time they get back they try to submit the form, and
all of their changes are lost. That's the kind of situation I'd like to
deal with :)

..soma

Re: setting session timeout through .htaccess

On Sat, 12 Nov 2005 12:07:27 +0100, somaboy mx <nosuch@fakemai l.fk> wrote:
[color=blue]
>I need people to be able to complete long text blocks in my cms before
>their session times out. From the php documentation I gather that ini
>directive session.gc_maxl ifetime would be the one to adjust here.
>
>I am on shared hosting, so I can't change the php_ini settings directly.
>If I use ini_set, should I do that on every page in my cms, or would it
>suffice to do it on the login page? Or could I do it in a .htaccess file
>(which my host permits)?[/color]

It's got to be done throughout the site, setting it on the login page isn't
enough. .htaccess is a convenient place to do it. ini_set would work if you
have a central inclue file that's included from all the other pages.

Just increasing the session timeouts in .htaccess on shared hosting may not
work as expected - you probably need to set a separate session directory as
well.

See:

--
Andy Hassall :: andy@andyh.co.u k :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool

Re: setting session timeout through .htaccess

On Sat, 12 Nov 2005 12:44:22 +0100, somaboy mx <nosuch@fakemai l.fk>
wrote:
[color=blue]
>John wrote:
>[color=green]
>> Could you not encourage them to use a text editor or WP and then cut &
>> paste their text in (just as I have done with this message).[/color]
>
>I do. But the reality is that sometimes people get up and go make some
>coffee, or go to the john or whatever while they're in the middle of
>something. By the time they get back they try to submit the form, and
>all of their changes are lost. That's the kind of situation I'd like to
>deal with :)[/color]

That's precisely why you need to minimize the time spent completing
the form in online with a good design for the page.

Must say I don't ever remember going to the toilet half way through a
filling a form.

--
John

Re: setting session timeout through .htaccess

On 2005-11-12 07:36:59 -0500, Andy Hassall <andy@andyh.co. uk> said:
[color=blue]
> On Sat, 12 Nov 2005 12:07:27 +0100, somaboy mx <nosuch@fakemai l.fk> wrote:
>[color=green]
>> I need people to be able to complete long text blocks in my cms before
>> their session times out. From the php documentation I gather that ini
>> directive session.gc_maxl ifetime would be the one to adjust here.[/color][/color]

Forgive me If I am missing something but do PHP sessions not live for
the life of the browser?
In all of my sessions work with PHP (which has been limited) the
session identifier cookie is set automatically by PHP with an expiry
time of the life of the browser... so until someone quits IE or Firefox
or whatever... their cookie is alive... therefore when they try to
access the session data again, as long as they didn't quit their
browser before going to the john.... then their form would work as
expected when they return.

Perhas we are talking about different concepts?
(This is more of a question than a helpful response, I would like to
understand.)

-Ci

Re: setting session timeout through .htaccess

On Sun, 13 Nov 2005 19:49:41 GMT, Ciphex .? <ciphex@mac.com > wrote:
[color=blue]
>Forgive me If I am missing something but do PHP sessions not live for
>the life of the browser?
>In all of my sessions work with PHP (which has been limited) the
>session identifier cookie is set automatically by PHP with an expiry
>time of the life of the browser... so until someone quits IE or Firefox
>or whatever... their cookie is alive... therefore when they try to
>access the session data again, as long as they didn't quit their
>browser before going to the john.... then their form would work as
>expected when they return.[/color]

The cookie may be a browser-session cookie (by default) with no timeout, but
PHP has its own timeout after which the session data is subject to deletion.
(There's nothing to stop someone opening a browser, starting a session and
keeping that browser open for a year...)

Since there is no way for PHP to know when a user has closed their browser,
PHP must have a way of expiring the session data from the server.

Also, the session cookie doesn't have to be a browser-session cookie anyway,
it can be a normal cookie with a specific timeout.
--
Andy Hassall :: andy@andyh.co.u k :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool