4

In an attempt to handle expiring PHP sessions more gracefully, I have inserted the following in my PHP code:

$sessionLifeTimeInSeconds = ini_get ("session.gc_maxlifetime");
echo '<script type="text/javascript">' . "\n" .
     '  setTimeout (function () {' . "\n" .
     '    alert ("Your login session will expire in 3 minutes.");' .
     "\n" .
     '  }, ' . ($sessionLifeTimeInSeconds - 180) * 1000 . ');' . "\n" .
     '</script>' . "\n\n";

Which works. However, now I notice that after clicking the 'OK' button on the javascript alert and no further activity whatsoever, the session does not expire when the timeout (the default 24 minutes in this case) has been reached.

Should the alert popup box extend the session? If so, can this be avoided and if so, how?

I'm using Firefox 44.0 on Ubuntu Linux, if that's relevant at all.

Frank van Wensveen
  • 562
  • 3
  • 20
  • The popup shouldn't extend php session duration in any way, but maybe there is more code (that you should provide us) that extent it. – Damien Fayol Feb 14 '16 at 17:28
  • Nope, there's none. This is the only change to the PHP code. Before the insertion of this simple Javascript snippet sessions expired after 24 minutes (the PHP default), and now they don't. No other changes to the code have been made, nor has any other interaction or client/server requests taken place. Hence the question, because I didn't think this should happen. – Frank van Wensveen Feb 14 '16 at 17:31
  • The alert popup is client side. No request is done to the server. Thus the php session is not extened. You have to reload the site when you want to accomplish that. – Fuzzyma Feb 14 '16 at 17:40
  • Maybe not the answer to your question but it's related: http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes – MinusFour Feb 14 '16 at 17:45
  • Why dont you manually destroy the `session`? – Mr. Engineer Feb 14 '16 at 17:52

1 Answers1

0

The popup box does not extend the session because the session is hold by the server for 24 minutes and only extends if there is an interaction with the server.

Try to do a server call via javascript in your javascript function to extend the php session, for example an AJAX Call to the root:

$sessionLifeTimeInSeconds = ini_get ("session.gc_maxlifetime");
echo '<script type="text/javascript">' . "\n" .
    '  setTimeout (function () {' . "\n" .
    '    alert ("Your login session will expire in 3 minutes.");' .
    '    xhttp.open("GET", "/", true);' .
    '    xhttp.send()' .
    "\n" .
    '  }, ' . ($sessionLifeTimeInSeconds - 180) * 1000 . ');' . "\n" .
    '</script>' . "\n\n";
Florian
  • 531
  • 1
  • 4
  • 6