0

I am having problem with a session variable. The problem is that with a session variable, after a period amount of time, if the user refreshes a page or something like that, it will start displaying notices stating that there are some undefined indexes.

Now I want to still use session variables but how can I keep the session going for longer? I have heard that we developers can use something like tokens so that even if the user becomes idle for a day or two or even longer, that when they refresh the page or navigate to another page, there won't be any undefined indexes notices appearing on screen.

Does anyone have any examples on using tokens?

Thanks

user1653070
  • 39
  • 1
  • 9
  • I am not sure I totally follow - are you saying that the browser remains open? Are you saying you don't want to use cookies? I would like to help or at least see what the answer is going to be! – MazB Sep 09 '12 at 20:02
  • @MazB It is hard to explain but simplyafter a long amount of time, a session does expire wheh using a php SESSION variable. So I want to know how do I make a SESSION variable go longer so that it doesn't expire straight away? I think it is tokens but I am not sure. If it is cookies then are cookies set by the browser only? – user1653070 Sep 09 '12 at 20:08
  • Hmm - yes. I am going to have a look through the manual because I am not sure how to answer this one. I would have thought there should be a ini_set() command you could use if you cannot access the php.ini file and so set the max session timeout or something. I am looking... – MazB Sep 09 '12 at 20:09
  • I found this: http://stackoverflow.com/questions/156712/php-what-is-the-default-lifetime-of-a-session that might help... – MazB Sep 09 '12 at 20:12

1 Answers1

1

Session variables are for sessions - by default, they have a short lifespan (20 minutes or so).

This means that when your session has timed out, you will start seeing notices for session variables no longer defined, when trying to use them (at least if you have error reporting with notices enabled).

Normally, you check if the session variable exist - and handle it if it doesn't:

if( ! isset( $_SESSION['my_var'] ) )
{
  // This session doesn't exist anymore - I'd better head over to the start page...
  header('Location: index.php');
  exit;
}

Now, I wouldn't recommend you to set the lifetime of a session up to two or three days. Instead, you should take a look at setting cookies and defining the content and lifespan for each of these:

setcookie('my_var', 'My Value', time() + 60 * 60 * 24 * 3); // a cookie lasting three days

Though, you will have the same issue with notices on the forth day if you don't check up on the existence of the cookie:

if( ! isset( $_COOKIES['my_var'] ) )
{
  // This cookie doesn't exist anymore - I'd better head over to the start page...
  header('Location: index.php');
  exit;
}
Repox
  • 15,015
  • 8
  • 54
  • 79
  • Great answer Repox - i found some info here: http://stackoverflow.com/questions/156712/php-what-is-the-default-lifetime-of-a-session that details what you mentioned about the timeout. – MazB Sep 09 '12 at 20:14
  • I saw your link - although I still believe expanding the lifespan to two or three days seems like a bad option. – Repox Sep 09 '12 at 20:15
  • yeah in general i think it might be a better option to utilise either a db or cookies. i find it hard to judge for sure without knowing what they are doing - there are some very unique systems out there. – MazB Sep 09 '12 at 20:19
  • Can I just ask 1 question. If I want to change `$_SESSION['teacherid']` into a cookie. When I set the cookie is it like this: `setcookie('teacherid', 'teacherid', time() + 60 * 60 * 24 * 3); ?` Obviously then it will be $_COOKIES['teacherid']. Do I need a 'My Values' in setcookies()? – user1653070 Sep 09 '12 at 20:58
  • @user1653070 The cookie needs a value - One would think that a session variable named 'teacherid' contains an integer refering to an ID? Your code should look something like this: `setcookie('teacherid', 3, time() + 60 * 60 * 24 * 3);` – Repox Sep 09 '12 at 21:01
  • Ok so the 'My Value' could be anything, it is just the name I want to give to the cookie? – user1653070 Sep 09 '12 at 21:05