0

I have a site where the users sometimes need over an hour to fill out forms and submit to mysql. I've adjusted the session.gc_maxlifetime to 7200 (2 hrs) and verified cookie timeout is 0 for never. The website still sends them back to the login page after the default 24 minutes without saving their data. I've added session_start() to index and my head.php for all other pages to see via include. any help would be awesome. Hosted on godaddy, so I cannot modify the php.ini, they had me modify .user.ini. when I echo the information it shows correctly.

SESSION START-<?php echo $_SESSION['time']; ?> Displays time user logged in.
SESSION TIMOUT-<?php echo ini_get('session.gc_maxlifetime'); ?> Displays 7200 
SESSION COOKIE-<?php echo ini_get('session.cookie_lifetime'); ?> Displays 0

<?php
function error_found(){
header("Location: inc/records.php");
}
$lifetime=0;
session_set_cookie_params($lifetime);
ini_set('session.gc_maxlifetime', 7200);
session_start();

header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Cache-control: no-cache");
header("Pragma: no-cache");

ob_start();

Note: When refreshing the pages, submitting forms, or any other navigation, the session_start() does not update. Could that be the issue?

kayakerpaul
  • 61
  • 5
  • phpinfo.php displays: Directive Local Value Master Value session.auto_start Off Off session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_httponly Off Off session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_file no value no value session.entropy_length 0 0 session.gc_divisor 1000 1000 session.gc_maxlifetime 7200 1440 session.gc_probability 1 1 session.hash_bits_per_character 5 5 – kayakerpaul Dec 12 '17 at 20:31
  • Are those three lines for debug ? if yeah i would move them after setting all headers and session functions – Marek Maszay Dec 12 '17 at 21:02
  • They are for debugging. They are after everything. they come from an internal page. The SESSION functions are loaded on the index. then the line are from the redirect page "records.php" – kayakerpaul Dec 12 '17 at 21:11
  • Update. I've done some more troubleshooting and the site apparently doesn't care about the SESSION for timeout. I am echoing ini_get('session.gc_maxlifetime') and I see it for the last 3 hours. It is allowing form submissions if I have "refreshed the page" within 24 minutes. Would this then be a cookie issue? Again, I have cookies set to 0. Would any more data help? – kayakerpaul Dec 12 '17 at 23:19
  • I’ve added .user.ini to all sub folders. It is still going back to logon page on submit after 24 minutes idle. I’ve exhausted every option I can think of. Any ideas? In the box, out of the box, random? Anything would be super appreciated. – kayakerpaul Dec 13 '17 at 02:40
  • Quite possible that it is this thing https://stackoverflow.com/questions/8372189/php-sessions-expire-too-soon – Marek Maszay Dec 13 '17 at 07:13
  • Thank you, I will attempt the fixes recommended in that thread and report back. – kayakerpaul Dec 13 '17 at 15:36
  • When I adjusted the Session path to a new directory, the login wouldn’t work any longer. Nothing would post to my logs, and user sign in page would just refresh after submit. Do I need to adjust anything with session.save_path to reflect the changes? – kayakerpaul Dec 14 '17 at 00:19
  • What was path you gave there ? does it exists ? does it has permissions to save files there? – Marek Maszay Dec 14 '17 at 06:57
  • the path i put was: /home/****/public_html/Temp_Session. I created that folder. – kayakerpaul Dec 14 '17 at 16:16
  • and permissions on that folder ? – Marek Maszay Dec 14 '17 at 17:46
  • It was the permissions! so, I checked and the default for the folder after creation was set to read-only. Thanks Marek. I will post answer with my full solution. – kayakerpaul Dec 14 '17 at 18:44

1 Answers1

0

With the help of Marek here is my solution. create new folder for save path. verify permissions are not set to read-only. set phpini.ini or .user.ini in each folder to:

session.gc_maxlifetime = 7200 \\ Seconds you want. I set to 2 hrs.
session.gc_divisor = 1 
session.save_path = /home/folder/public_html/site.com/Your_new_folder
kayakerpaul
  • 61
  • 5