0

I have an intranet site that has to perform complex and lengthy MySQL operations, and I have to find a way to prevent a PHP Session timeout from happening while this is going on.

A PHP page has all the form data that the user can fill out. When the user hits the submit button, an Ajax call goes out with that data, and the Ajax call waits until the operation is completed and then notifies the user of the result. I have to prevent the site from timing out while this call is going on.

My first thought was to use setInterval and run a second ajax call every 10 seconds to a page that only loads the session and refreshes some of the data in it, but during a first test I noticed that the second call and any further calls were not answered until the first one completed (I used PHP sleep(20) in my first call to simulate a long wait). My script started several new ajax calls (which I watched in Firebug), but they all waited until the first call was completed - there was no response from the server until then. I think the server simply ignores a second call from the same client until the first is done. I doubt Apache would stop accepting calls because PHP is waiting for sleep to finish...

During my research on this I haven't really found out yet what event is used to consider a Session timeout. One page claimed that just using Ajax to load a picture would extend the Session time, but that doesn't sound right to me since that doesn't involve PHP - besides, if the server doesn't accept a second connection, that won't work. Another page said it has to do with whenever the Session variable data is being written do, but again that also doesn't match my experience since I have plenty of pages that write during login but not after that.

So my question is two-fold:

  1. Which exact events have to happen or not happen within a given timeout period for the Session to be considered "timed out"? I am guessing there are two timers involved here - the cookie timeout in the browser and the Session timeout in PHP, but these are just guesses, and I'd like to hear from the experts on this.

  2. How can I keep that Session alive while the process is still going on? The process may take an hour or longer. The site is an intranet site and not accessible from outside the network, so security is not quite as big an issue, but I still want the regular Session timeout to work outside of this page.

OK, I feel the need to clarify here.

I am trying to find out what happens behind the scenes on the server whenever a PHP session timeout is involved.

For example: If I have a script that takes 1h to create a PDF file but the timeout is set to 30 minutes, will the timeout be triggered because the user/browser/mouse is not active, or will the timeout NOT be triggered because a script is still running?

What I would like to know is what EXACTLY is going on - what events take place (both user and server created) in prolonging a session before it times out?

You can tell me about PHP settings all day, and I still won't know what happens.

Let's start with the basics as far as I understand them:

A typical session may consist out of a session file on the server, a session id, and often a cookie in the client browser that holds the session id and a timestamp.

I'm assuming that the session file on the server or some index of session files also includes a timestamp.

Which events cause these timestamps to be updated, and which of these timestamps is being used to determine that the session has timed out or not? I could see the server testing the cookie's expiration date to determine if the session should timeout or not, but it's probably safer to rely on the server information.

This is the type of information I'm looking for here.

Maybe I should close the original question and write a new one with this information - I'm open to suggestions here. When I wrote the original post, I just needed an answer for my project, but I realized that I will never fully understand the process until I know the workings in the background.

semmelbroesel
  • 543
  • 1
  • 8
  • 27
  • 1
    possible duplicate of [How to set lifetime of session](http://stackoverflow.com/questions/6360093/how-to-set-lifetime-of-session) – Marcin Orlowski Jan 12 '15 at 19:51
  • You are reinventing the wheel. Just make your session life time longer than default. – Marcin Orlowski Jan 12 '15 at 19:52
  • 1
    So, you have an ajax call that takes 30 minutes to process? Sounds like a bad idea to me. Especially if you actually intend the user to wait for the response! – developerwjk Jan 12 '15 at 19:55
  • @semmelbroesel, is the session timing out or is it the script execution time? What error are you getting exactly? If it's the script timing out(my experience shows that this is the most likely), you can use the [set_time_limit()](http://php.net/manual/en/function.set-time-limit.php) function to fix this. – RattleyCooper Jan 12 '15 at 20:03
  • The page in question is a batch editor that allows changes to massive amounts of data at the same time. The user knows that execution of it could take a long time, and there's nothing much I can do about the speed. - I am talking about Session timeout, not page timeout (`set_time_limit`) which is set to 0. I want to make sure that when the script is done, the result actually makes it to the browser through ajax instead of a "time out, access denied, log back in" message. – semmelbroesel Jan 12 '15 at 20:54

1 Answers1

0

First, you have to know that while the user is active (browsing your Intranet by classic Link, or by ajax, because apache server can not make a distinguish) your sessions still alive.

If user become inactive after a period of time, or disconnect from your Intranet, so the minimum of time that the session will be destroyed will be tha value of the parameter that was set in php.ini :

session.gc_maxlifetime= TIME_IN_SECONDS

To configure properly the session time out you have to configure these 3 parameters : 

; Defines the probability that the 'garbage collection' process is started
; on every session initialization. The probability is calculated by using
; gc_probability/gc_divisor. Where session.gc_probability is the numerator
; and gc_divisor is the denominator in the equation. Setting this value to 1
; when the session.gc_divisor value is 100 will give you approximately a 1% chance
; the gc will run on any give request.
; Default Value: 1
; Development Value: 1
; Production Value: 1
; http://php.net/session.gc-probability
session.gc_probability=PROBA_CHANGEME

; Defines the probability that the 'garbage collection' process is started on every
; session initialization. The probability is calculated by using the following equation:
; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
; session.gc_divisor is the denominator in the equation. Setting this value to 1
; when the session.gc_divisor value is 100 will give you approximately a 1% chance
; the gc will run on any give request. Increasing this value to 1000 will give you
; a 0.1% chance the gc will run on any give request. For high volume production servers,
; this is a more efficient approach.
; Default Value: 100
; Development Value: 1000
; Production Value: 1000
; http://php.net/session.gc-divisor
session.gc_divisor=DIVISOR_CHANGEME

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
; http://php.net/session.gc-maxlifetime
session.gc_maxlifetime= MAX_LIFE_TIME_CHANGEME
Halayem Anis
  • 7,654
  • 2
  • 25
  • 45
  • I had read the "while the user is active" part, but that's still somewhat vague. I doubt PHP will keep the session alive while the user waves the mouse around. I need to know what exactly causes the timeout to be extended - loading any file from the server, `session_start()`, loading data in `$_SESSION`, or saving data to `$_SESSION`. – semmelbroesel Jan 12 '15 at 20:56