0

From what I thought I understood from sessions, this should be the case:

  • session times out based on what is set in the php.ini, lets say 30 minutes
  • if a user continues to browse and we update, lets say $_SESSION['last_activity']=time();, then the session will be active for 30 minutes from the last activity

But what I am seeing is:

  • user logs in and session is started
  • user continues to browse
  • after 30 minutes, user is kicked off and annoyed, has to login again

Is this a server misconfiguration and why it is being destroyed even though the user is remaining active?

Thanks for the help!

000
  • 3,976
  • 4
  • 25
  • 39
scott
  • 1,068
  • 1
  • 9
  • 20
  • Do you have `session_start()` on every page or only on the login page? – JJJ Jul 23 '12 at 08:25
  • Yes I do start_session(); immediately (the page is the same wherever the user goes as it serves up the sub pages/templates) – scott Jul 23 '12 at 08:25
  • try this http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes – 000 Jul 23 '12 at 08:26
  • @RishiKalia That seems to be more about making sure it times out exactly at 30 minutes. That isn't my issue, my issue is if the user is still active, the session shouldn't expire; the session should remain active until the user does nothing for approximately 30 minutes – scott Jul 23 '12 at 08:30

1 Answers1

0

Make sure you are calling:

session_start();

on every page that the visitor is accessing. This will reset the session clock.

Christopher Briggs
  • 148
  • 5
  • I do that on every page (the page is the same everywhere; index.php starts with session_start(); runs a few tasks and serves up the correct template based on the url) – scott Jul 23 '12 at 08:26