0

I have a login functionality in which I initiate a new session with the code below. The problem is that - mostly on Android/Chrome - the session parameter $_SESSION['hashed_pw'] that is set in a "function login" and is used to control the login status gets lots after a few hours even though I don't want the session to expire at all. Can somebody help me with this?

Thanks, Frank

function sec_session_start() {
    $session_name = 'sec_session_id';   // vergib einen Sessionnamen
    $secure = SECURE;
    // Damit wird verhindert, dass JavaScript auf die session id zugreifen kann.
    $httponly = true;
    // Zwingt die Sessions nur Cookies zu benutzen.
    if (ini_set('session.use_only_cookies', 1) === FALSE) {
        header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
        exit();
    }
    // Holt Cookie-Parameter.
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params(999999,
        $cookieParams["path"], 
        $cookieParams["domain"], 
        $secure,
        $httponly);
    // Setzt den Session-Name zu oben angegebenem.
    session_name($session_name);
    session_cache_limiter(4320);
    session_start();            // Startet die PHP-Sitzung 
    session_regenerate_id();    // Erneuert die Session, löscht die alte. 
}
Jamie Bicknell
  • 2,306
  • 17
  • 35
perlfan
  • 11
  • 2
  • Are you calling this before anything is output to the browser? – Jamie Bicknell Jun 28 '16 at 16:49
  • have a look at [this question](http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes) – Roshan Bhumbra Jun 28 '16 at 16:50
  • The header was given out before session_start (see below): require('layout/header.php');. I'll try also session.cookie_lifetime but the problem is that the session is still there and valid for a long time but after a certain time my session variables seem lost as the login works but after some hours login won't work anymore. Frank – perlfan Jun 29 '16 at 04:23
  • The problem is really that I still see the session and it is valied for several days, but obviously the session variables that I use to store login information are lost. Even if I set session.gc_maxlifetime and session.cookie_lifetime it doesn't help....:-( – perlfan Jun 29 '16 at 16:03
  • I solved this on my own - changing the directory where sessions are saved helped me, because my provider empties the default directory (tmp) every half an hour or so. FRANK – perlfan Jul 05 '16 at 08:45

0 Answers0