1

I am controlling the user session with a single config file, included in every page. I have login/logout option in my website.

I want to extend user's session destroy timeout to 1 year (even when a user close his browser, the session should be still there unless the user log's out the page).

i am using this to extend user session timeout value,

<?php

session_set_cookie_params(31556952);

ini_set('session.gc_maxlifetime',31556952);

session_start();

//my Other code like DB connections will come below.

?>

and in the PHP.ini

I have set session.gc_maxlifetime to 31556952

But this Doesn't affect anything, user session gets destroyed exactly at 120 second.

I have refered all the stackoverflow related questions but i didn't get any clue.

What would be the problem? any suggestions.

Vignesh Chinnaiyan
  • 411
  • 3
  • 16

3 Answers3

0

I can think of a few things, but it could be caused by many things. You have validated the ini file to make sure everything is ok. I had an issue like this before, turns out I had 2 versions of PHP installed on the server. I was modifying the wrong ini file. Make sure the version of php you are using is the one belonging to the ini you are working with.

Sometimes performing the ini sets in the php file doesnt work for me. Never understood why. When this happens, adding records to the htaccess file to make sure apache is picking them up. session timeout in php code and in htaccess?

The final thing is a little more tricky to find. Try make 100% sure you arent destroying the session somewhere. The fact that it is a hard 120 seconds it would seem like it is the server, but make sure you aren't calling some script with ajax after 120 seconds and for some reason this script is killing the session.

Community
  • 1
  • 1
Dan Hastings
  • 3,241
  • 7
  • 34
  • 71
  • I understand, but i didn't call any scripts to destroy session for every 120 sec. – Vignesh Chinnaiyan Jun 29 '16 at 07:38
  • not intentionally, but it could be a bug. 120 seems very short for a default session time. Have you tried making a separate php script on its own and check how long the session survives with this script? if it also dies after 120 seconds you know the server is to blame and not the application – Dan Hastings Jun 29 '16 at 07:40
  • Hmmm, ini_get(’session.gc_maxlifetime’) this gives exact value 31556952 as i have set in php.in Server – Vignesh Chinnaiyan Jun 29 '16 at 07:42
  • there could be another ini set somewhere in the app that is overriding the value you are setting in the script that is giving you the trouble. If you are running on a linux server, try using a grep command to find the ini set in the application directory – Dan Hastings Jun 29 '16 at 07:45
0

There are a couple of things that might be messing you up

  1. If another script somewhere has a different value for session.gc_maxlifetime and both scripts share the same save space for session data, then the lower value will prevail. If this is your situation, you should save sessions at a custom location so that whatever script is setting a lower lifetime will no longer conflict with this script. You can do that by calling ini_set('session.savepath',NEWPATH). For details, see the docs.
  2. On certain Debian systems setting session.gc_maxlifetime at run time has no effect. Your best bet is to alter it in you php.ini file. This has been reported here.

In your shoes given that you want the session to last many months, I would probably rely on a database to store login cookies.

BeetleJuice
  • 39,516
  • 19
  • 105
  • 165
  • Thanks, NEWPATH can be anything right? Will it affect the existing user session ? – Vignesh Chinnaiyan Jun 29 '16 at 07:37
  • It should be the path to a directory to which PHP has read/write permissions. If you set it at runtime with `ini_set`, I believe it will affect just that session. If you're doing it in a config file that is always run, it will affect all sessions that use that config file. See the docs: http://php.net/manual/en/function.session-save-path.php – BeetleJuice Jun 29 '16 at 07:40
  • Ok i will change my session store path and come back. – Vignesh Chinnaiyan Jun 29 '16 at 07:45
  • Yep the code for changing the path to store the session worked, but it didn't resolve my problem. – Vignesh Chinnaiyan Jun 30 '16 at 00:18
  • Sorry to hear that. There may be something beyond PHP's control that is garbage collecting these sessions. This is even more likely if the same code doesn't have the same effect on another machine. If you can't get it resolved, consider the last paragraph of my answer. – BeetleJuice Jun 30 '16 at 06:28
-2

I thing you need to set session time along with set-cookie with same time duration.

Pramod Kharade
  • 2,005
  • 1
  • 22
  • 41