session time out

  • isekhari
    New Member
    • Oct 2006
    • 4

    session time out

    Hi,
    I have a page which displays all the images in a folder. For accessing this page I am asking for a password.
    Now I have 2 files named password.php and gallery.php.

    Now my requirement is: if the user has not accessed any event in the past 15 min, then I will redirect this gallery page to password.php.
  • vssp
    Contributor
    • Jul 2006
    • 268

    #2
    /* set the cache expire to 15 minutes */
    session_cache_expire(15);
    $cache_expire = session_cache_expire();

    Now the session expires in 15 min. Now check the session and you redirect to password.php

    vssp


    • isekhari
      New Member
      • Oct 2006
      • 4

      #3
      thanks but it is not working.
      i set the password in a session variable $_SESSION['password'] = $_POST['password'];

      then in the gallery.php i wrote the following code:

      Read the Posting Guidelines before you post any code in this forum!! Especially the part about using the [code], [php] and [html] tags when showing code!! - Ronald

      <?php
      session_start();

      session_cache_expire(15);
      $cache_expire = session_cache_expire();

      if(!isset($_SESSION['password'])){
      $msg = "Your session is expired.Please re enter the password";
      header("Location: index.php?msg=".$msg);
      } else {
      // remaining code to display the gallery
      }
      ?>
      Read the Posting Guidelines before you post any code in this forum!! Especially the part about using the [code], [php] and [html] tags when showing code!! - Ronald

      What's wrong in it? I am not getting it.
      can i change any default settings in php.ini file?
      bye


      • isekhari
        New Member
        • Oct 2006
        • 4

        #4
        thanks i will use the required codes as per the guidelines from now onwards.
        thanks but it is not working.
        i set the password in a session variable $_SESSION['password'] = $_POST['password'];

        then in the gallery.php i wrote the following code:
        [PHP]
        <?php
        session_start();

        session_cache_expire(15);
        $cache_expire = session_cache_expire();

        if(!isset($_SESSION['password'])){
        $msg = "Your session is expired.Please re enter the password";
        header("Location: index.php?msg=".$msg);
        } else {
        // remaining code to display the gallery
        }
        ?>

        [/PHP]

        What's wrong in it? I am not getting it.
        can i change any default settings in php.ini file?
        bye


        • PatrickM
          New Member
          • Jan 2007
          • 1

          #5
          session_start(); must be placed AFTER the session_cache_expire()
          function, not before it.

          See: http://us3.php.net/session_cache_expire for more info.

          Patrick


          • howick
            New Member
            • Jan 2008
            • 1

            #6
            session_cache_expire is the wrong function. It sets the lifetime of session pages stored on the client's computer (think "web page cache"). It only operates when session.cache_limiter is set to something other than its default of nocache and has NO VALUE for timing out a session. Its only value is for convenience when surfing a session-controlled web site. Generally (IMHO), you shouldn't be using it at all.

            If you want sessions to expire, you need to do one or both (preferably both) of two things.

            1) Limit the life of the session on the server.

            You do this by setting the session.gc_maxlifetime variable. This variable sets the maximum life in seconds of a session file on the server. Note that the garbage collector (gc) doesn't start every time session_start() is executed, so a session file may remain on the server longer than its maxlifetime, but once the value is exceeded, the file will be permanently deleted, thus closing the session. You can control (mostly) how frequently the gc is executed, but I'll leave that as an exercise for the reader.

            ini_set('session.gc_maxlifetime', 1800);

            Sets the maximum session file life to 30 minutes (1800 seconds).

            2) Limit the life of the session on the client.

            You do this by setting the maximum life of the session cookie (if you're using cookies, which you should be, they're the most secure method).

            session_set_cookie_params(1800, '/');

            sets all session cookies to 30 minutes (1800 seconds).

            NOTES

            A) Garbage collection is a PHP event. This means two websites on the same server use the same garbage collector and, without control, the same directory for session files. This means when your neighbor executes the gc, your files can be affected. And if your maxlife is shorter than his, then you're deleting his files sooner than he wants. You can avoid this problem by putting the session files for your website (or any sub-portion of the site) into their own directory using session_save_path(PATH); Then, when you start the gc, it only affects your session files, and when your neighbor starts the gc, it only affects his. For improved security, PATH should not be a public directory (c.f. file and directory permissions for your computer.)

            B) The '/' in the cookie variable identifies the directories on your website the session cookie can be used for. For most people, leaving it as '/' (all directories) is OK, but keep it in mind. It's a useful tool if there's a user section to your website and an admin section and they both use session cookies. The admin might want to use '/', but the user might want to use '/user', etc.

            C) ALL of these commands/variables MUST be executed BEFORE session_start(); Thus:
            Code:
            // Constant names must be quoted strings in define()
            define('SESSION_PATH', '/tmp/mydir');
            define('COOKIE_DIR', '/');
            define('COOKIE_MAXLIFE', '1800');
            define('GC_MAXLIFE', '1800');
            
            session_save_path(SESSION_PATH);
            ini_set('session.gc_maxlifetime', GC_MAXLIFE);
            session_set_cookie_params(COOKIE_MAXLIFE, COOKIE_PATH);
            session_start();
            D) Finally, be aware that there's no way to guarantee a session will close in EXACTLY any amount of time. Cookies can be spoofed, which is why you should also use the gc, but the gc might not execute for several minutes (or longer if your site isn't used very often) after the session file times out. No solution is perfect, and you can only approach perfection as the number of people who use your site increases, thereby increasing the frequency of gc operation.

            Cheers.


            • Osama Mansour

              #7
              The simplest way to log out:

              Put this code at the top of every page, given that you are using the sessions on your website to pass variables. One of these variables is the variable 'time'.

              Code:
              <?php
              session_start();
              $t = time();
              // Read the last-activity timestamp only if it exists (avoids an undefined-index notice)
              $t0 = isset($_SESSION['time']) ? $_SESSION['time'] : null;
              // Log off after being idle for 30 minutes or trying to log in illegally
              if ($t0 === null || $t - $t0 > 1800) {
                  session_unset();
                  session_destroy();
                  header('Location: index.php?msg=SessionTimeOut');
                  exit;
              } else {
                  // Still active: restart the idle clock
                  $_SESSION['time'] = time();
              }
              ?>
              good luck...
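
As an added example (not part of any post in this thread, and not its authors' code): a gallery.php guard that combines the pre-session_start() settings from post #6 with the timestamp check from post #7, using the 15-minute idle limit from the original question, and that goes beyond the thread by keeping a login flag rather than the password in the session and by expiring the cookie explicitly. The directory path, the 8-hour absolute limit and the session keys `authenticated`, `started` and `last_seen` are assumptions.

```php
<?php
// Added example, not code from the thread. SESSION_DIR, ABSOLUTE_LIMIT and the
// session keys 'authenticated', 'started', 'last_seen' are assumptions.
const SESSION_DIR    = '/var/lib/php/gallery_sessions'; // private, outside web root
const IDLE_LIMIT     = 900;    // 15 minutes without a request
const ABSOLUTE_LIMIT = 28800;  // hard cap of 8 hours per login

// All of this has to run before session_start().
if (!is_dir(SESSION_DIR)) {
    mkdir(SESSION_DIR, 0700, true);
}
session_save_path(SESSION_DIR);
ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);
ini_set('session.gc_probability', '1');   // gc runs on about 1 in 100
ini_set('session.gc_divisor', '100');     // session_start() calls
ini_set('session.use_strict_mode', '1');  // reject session IDs the server never issued
ini_set('session.use_only_cookies', '1');
// Lifetime 0 = browser-session cookie; expiry is decided on the server below.
$https = ($_SERVER['HTTPS'] ?? 'off') !== 'off';
session_set_cookie_params(0, '/', '', $https, true);
session_start();

function end_session(string $msg): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    // Expire the cookie in the browser as well as the data on the server.
    setcookie(session_name(), '', time() - 3600,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
    header('Location: password.php?msg=' . urlencode($msg));
    exit;
}

$now = time();
if (empty($_SESSION['authenticated'])) {
    end_session('Please enter the password');
}
// The stored timestamps, not the gc or the cookie, decide when the session ends.
if ($now - ($_SESSION['last_seen'] ?? 0) > IDLE_LIMIT
    || $now - ($_SESSION['started'] ?? 0) > ABSOLUTE_LIMIT) {
    end_session('Your session has expired. Please re-enter the password');
}
$_SESSION['last_seen'] = $now;   // each request resets the idle clock

// ... remaining code to display the gallery ...
```

After verifying the password, password.php would call `session_regenerate_id(true)` and set `$_SESSION['authenticated'] = true` with `started` and `last_seen` both set to `time()`. It needs the same settings before its own session_start(), since the save path and gc lifetime apply per request.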


              • avenidagez
                New Member
                • May 2013
                • 1

                #8
                session time out

                Excellent explanation, just correcting
                use only one COOKIE_PATH or COOKIE_DIR
                so the change for example to cookie dir is...
                session_set_cookie_params(COOKIE_MAXLIFE, COOKIE_DIR);

                Originally posted by howick
                session_cache_expire is the wrong function. It sets the lifetime of session pages stored on the client's computer (think "web page cache"). It only operates when session.cache_limiter is set to something other than its default of nocache and has NO VALUE for timing out a session. Its only value is for convenience when surfing a session-controlled web site. Generally (IMHO), you shouldn't be using it at all.

                If you want sessions to expire, you need to do one or both (preferably both) of two things.

                1) Limit the life of the session on the server.

                You do this by setting the session.gc_maxlifetime variable. This variable sets the maximum life in seconds of a session file on the server. Note that the garbage collector (gc) doesn't start every time session_start() is executed, so a session file may remain on the server longer than its maxlifetime, but once the value is exceeded, the file will be permanently deleted, thus closing the session. You can control (mostly) how frequently the gc is executed, but I'll leave that as an exercise for the reader.

                ini_set('session.gc_maxlifetime', 1800);

                Sets the maximum session file life to 30 minutes (1800 seconds).

                2) Limit the life of the session on the client.

                You do this by setting the maximum life of the session cookie (if you're using cookies, which you should be, they're the most secure method).

                session_set_cookie_params(1800, '/');

                sets all session cookies to 30 minutes (1800 seconds).

                NOTES

                A) Garbage collection is a PHP event. This means two websites on the same server use the same garbage collector and, without control, the same directory for session files. This means when your neighbor executes the gc, your files can be affected. And if your maxlife is shorter than his, then you're deleting his files sooner than he wants. You can avoid this problem by putting the session files for your website (or any sub-portion of the site) into their own directory using session_save_path(PATH); Then, when you start the gc, it only affects your session files, and when your neighbor starts the gc, it only affects his. For improved security, PATH should not be a public directory (c.f. file and directory permissions for your computer.)

                B) The '/' in the cookie variable identifies the directories on your website the session cookie can be used for. For most people, leaving it as '/' (all directories) is OK, but keep it in mind. It's a useful tool if there's a user section to your website and an admin section and they both use session cookies. The admin might want to use '/', but the user might want to use '/user', etc.

                C) ALL of these commands/variables MUST be executed BEFORE session_start(); Thus:
                Code:
                // Constant names must be quoted strings in define()
                define('SESSION_PATH', '/tmp/mydir');
                define('COOKIE_DIR', '/');
                define('COOKIE_MAXLIFE', '1800');
                define('GC_MAXLIFE', '1800');
                
                session_save_path(SESSION_PATH);
                ini_set('session.gc_maxlifetime', GC_MAXLIFE);
                session_set_cookie_params(COOKIE_MAXLIFE, COOKIE_DIR);
                session_start();
                D) Finally, be aware that there's no way to guarantee a session will close in EXACTLY any amount of time. Cookies can be spoofed, which is why you should also use the gc, but the gc might not execute for several minutes (or longer if your site isn't used very often) after the session file times out. No solution is perfect, and you can only approach perfection as the number of people who use your site increases, thereby increasing the frequency of gc operation.

                Cheers.
