2

I am using PHP to create a website and I use session for some parts such as keeping user logged in, etc. I set the session timeout to zero, so it expires when the browser is closed. My problem is that when the webpage is opened in the browser for some time and I don't use it, the session expires! I mean when I'm not using the browser (eg. I'm editing my code, or I'm gone for lunch, etc) and after some time I go back to it and refresh it, some times it needs me to login again.

This is the method I use to start the session:

function StartSecureSession(bool $RememberMe = false) {
session_set_cookie_params(($RememberMe? 7*24*60*60 : 0), "/");
session_start();
session_regenerate_id(true);
}

Could anyone tell me what's happening? Thank you

Note: I don't know if it matters, but I use Ubuntu 14.04 and chromium browser

Amir
  • 1,885
  • 3
  • 19
  • 36
  • 2
    It seems that you confuse the cookie-timeout of the session-cookie and the session timeout on the server side. take a lok at the answers here: http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes – Tom Regner Jan 25 '17 at 11:42
  • I mean server side session. this is the method that I use to start it and set its timeout: `function StartSecureSession(bool $RememberMe = false) { session_set_cookie_params(($RememberMe? 7*24*60*60 : 0), "/"); session_start(); session_regenerate_id(true); }` – Amir Jan 25 '17 at 11:44
  • You could use javascript (jQuery) on the client side to trigger session-refreshing requests to the server in the background if there is no activity. Get inspired here: http://stackoverflow.com/questions/220767/auto-refreshing-div-with-jquery-settimeout-or-another-method – Tom Regner Jan 25 '17 at 12:41
  • @TomRegner Actually that's a good idea. I can do that, thanks – Amir Jan 25 '17 at 12:42

1 Answers1

1

Use to set session maxtime:

use following code in your confiuguration file:

// each client should remember their session id for EXACTLY 10 hour
ini_set('session.gc_maxlifetime', 36000);
session_set_cookie_params(36000);

Write this lines before session_start();

Or you can set it in your php.ini file too.

Keyur Mistry
  • 926
  • 6
  • 18
  • Thank you, but what I need is that if the user does not check the 'Remember Me', then the session expires after the browser is closed – Amir Jan 25 '17 at 11:47
  • *"PHP session expires before the browser is closed"*, you are not going so hot today on the accurate answers here... – Nytrix Jan 25 '17 at 12:00
  • @Nytrix Sorry I did not understand, what do you mean? Is the title not clear enough? – Amir Jan 25 '17 at 12:04
  • @Amir No, I was giving critique to KinjalMistry as you clearly asked something different. – Nytrix Jan 25 '17 at 12:05
  • @Nytrix Read the question again. He asked when he was on stand by mode his session goes end. And as you critique to me, you must be aware of the real question. Read the sentence after "My problem is that... " – Keyur Mistry Jan 26 '17 at 02:59
  • @Amir Have tried this solution? If not first try. I am dam sure it will work for you. – Keyur Mistry Jan 26 '17 at 02:59
  • @KinjalMistry I didn't say anything about standby mode! I appreciate your time, but as I stated, I don't want to set an exact timeout; I just want the session to expire when the browser is closed. I think TomRegner has a good idea and I'm giving it a shot – Amir Jan 26 '17 at 04:35
  • @Amir what do you understand by standby mode!? I am answering using 'Standby mode' means 'ideal mode' or say you are not using browser for long time as you are doing code or you are in break time. And if you want to do session expire on browser close, use following: `ini_set('session.gc_maxlifetime', 0); session_set_cookie_params(0);` – Keyur Mistry Jan 26 '17 at 05:13