0

I am attempting to create a session ID for the user that lasts 1 hour.

User logins once - randomid generated - added to session.

User logins again within 1 hour, same Session ID applies.

If user logins after 1 hour, generate a new ID.

So far, I have this

session_start();  
//create random sid
$today = date('YmdHi');
$startDate = date('YmdHi', strtotime('2012-03-14 09:06:00'));
$range = $today - $startDate;
$rand = rand(0, $range);
$sid= ($startDate + $rand);

 //first time user

if(isset($_SESSION['sessionid'])) {

    $_SESSION['sessionid'] = $sid;

}
   //visiting user
else
    {
        $_SESSION['sessionid'] = $_SESSION['sessionid'];
     }

echo $_SESSION['sessionid'];

How do I add a timeout for 1 hour? I have seen examples where cookies are used. I am hoping to be able to use only server-side sessions?

Any ideas?

Cody Raspien
  • 1,753
  • 5
  • 26
  • 51
  • 1
    Just curious: Why are you doing this? --> `$_SESSION['sessionid'] = $_SESSION['sessionid']`. – Jonathan M Jul 13 '16 at 19:50
  • you have to take something like user name and pasword and store it, then check if that combination exist in any session and if it does, check if the session is "active" (`if(($startDate + 1 hour) > date('YmdHi')){ newSession}else{session is open!}` – DIEGO CARRASCAL Jul 13 '16 at 19:56
  • Look here, specifically at `session_set_cookie_params()`, and the parameter you want is `lifetime`. http://php.net/manual/en/ref.session.php – Jonathan M Jul 13 '16 at 19:58
  • @DIEGOCARRASCAL, that's not true if you're using PHP sessions. – Jonathan M Jul 13 '16 at 19:59
  • 1
    You don't need to mess with a unique session ID. When using PHP sessions, it handles all IDs, which are always unique. What you really want is for the session to expire after 1 hour. – Jonathan M Jul 13 '16 at 20:23

2 Answers2

4

If you want a random ID to be attached to a session that refreshes after one hour, simply store the time it was last generated with the session.

For example:

session_start();

function regenerate() {
    $_SESSION['code'] = uniqid();
    $_SESSION['code_time'] = time();
}

if (empty($_SESSION['code']) || time() - $_SESSION['code_time'] > 3600)
    //if there's no code, or the code has expired
    regenerate();

echo "Your code is " . $_SESSION['code'] . " it was generated on " . date('m/d/Y h:i:s a', $_SESSION['code_time']);
Dave Chen
  • 10,887
  • 8
  • 39
  • 67
  • 1
    Change the `3600` to `10` see it refresh after 10 seconds. – Dave Chen Jul 13 '16 at 20:11
  • Thanks. Do I need to have this on the 1st entry page only? How do I carry this value to a 2nd page (user on 1st page clicks on url of 2nd page - the session has to stay the same)? – Cody Raspien Jul 13 '16 at 23:23
  • You would need to `include` this code on every page that uses the code. So if the user visits `page1.php`, then after one hour he visits `page2.php`, and you want the code to update, you would need this code on both page1 and page2. – Dave Chen Jul 14 '16 at 00:03
3

If you want the session to expire 600 seconds after the first visit:

<?php
  $lifetime=600;
  session_set_cookie_params($lifetime);
  session_start();
?>

If you want the session to expire 600 seconds after the user's latest visit:

<?php
  $lifetime=600;
  session_start();
  setcookie(session_name(),session_id(),time()+$lifetime);
?>

Docs: http://php.net/manual/en/book.session.php

Jonathan M
  • 17,145
  • 9
  • 58
  • 91