0

Is there any way I can store a $_SESSION variable for a limited amount of time?. Imagine I generate an identifier and I want it be stored for like 2 hours, is this possible? And I want that variable stored even if someone delete the cookies.

This is how I give $_SESSION a random identifier:

session_start();
        if (!$_SESSION['randomid'])
        {
            $_SESSION['randomid'] = uniqid();
        }

Thank you in advance,

SkyDriver2500
  • 47
  • 1
  • 12
  • 1) The session id is already a random id. 2) Sessions are time limited by default, you can tweak the limits yourself. 3) The value may continue to be *stored* on the server after someone deletes their cookie, but it becomes inaccessible and nonexistent for all intents and purposes. – What do you want this for, really? – deceze Feb 07 '15 at 13:11
  • I want this to limit the amount of submits. – SkyDriver2500 Feb 07 '15 at 13:13
  • So you want to implement a [CSRF token](http://en.wikipedia.org/wiki/Cross-site_request_forgery#Synchronizer_token_pattern)? – deceze Feb 07 '15 at 13:14
  • [What have you tried so far??](http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes) – Amit Verma Feb 07 '15 at 13:15
  • 1
    For rate limiting this really doesn't work, since **you cannot rely on a cookie**. If you do not require a login, then you will have to rate-limit by IP primarily (additionally to cookies for "honest" high-rate users). – deceze Feb 07 '15 at 13:16
  • Using CSRF what happens if someone delete the cookies? – SkyDriver2500 Feb 07 '15 at 13:18
  • @deceze, will have a look at it, thank you. – SkyDriver2500 Feb 07 '15 at 13:20

0 Answers0