Hello, I have built a user management system for my project.

I am working with the PHP programming language.

Furthermore, my aim here is to keep users logged in for at least a year unless they decide to log out themselves.

So what have I done?

I increased the session.gc_maxlifetime to "31536000" from my cPanel where my project is hosted.

My second action was to then create a session time to match the gc_maxlifetime I have set,

which I read up from here:

https://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes

    if (!isset($_SESSION['CREATED'])) {
        $_SESSION['CREATED'] = time();
    } else if (time() - $_SESSION['CREATED'] > 31536000) {
        session_regenerate_id(true);
        $_SESSION['CREATED'] = time();
    }

My issue is I still get logged out a few minutes later.

Please, how can I make sure my users are logged in for a period of time using the session.gc_maxlifetime?

Lloyd
  • It's because you are regenerating your session AFTER the session is EXPIRED. The given code is for regenerating a session ID, and the answer in the URL is about manually expiring a session and not extending it. – FrozenFire Feb 23 '19 at 09:10
  • I forgot to add that `gc_maxlifetime` is for garbage collector settings of PHP, and not directly related to a session. Maybe you are looking for `setcookie()`. http://php.net/manual/en/function.setcookie.php – FrozenFire Feb 23 '19 at 09:18
  • So how can I extend my session for a year, @FrozenFire? – Lloyd Feb 23 '19 at 09:25

1 Answer

The problem with sessions is their volatile nature - if the user closes the browser or if there is a power cut etc., the session will generally be terminated. If you set a cookie it will persist if either of the above should occur - there is no need to use a session, but you could use the cookie to create the session as below.

I tested this by manually editing the value of expiry as stored in the session file to emulate an old timestamp. Hope it helps.

    /* assumes session_start() has already been called earlier in the request */
    $cookiename  = 'extended-login';
    $sessionname = 'created';

    /* expiry: current time + 1 year in seconds ( approx ) */
    $expiry = time() + ( 60 * 60 * 24 * 365 );
    $domain = $_SERVER['SERVER_NAME'];
    $path = '/';
    $secure = true;
    $http = true;

    /*
        create a cookie so that even if the browser closes the session can be re-established
        but will maintain the initial expiry time - provided the cookie is not deleted...
    */
    if( empty( $_COOKIE[ $cookiename ] ) ) setcookie( $cookiename, $expiry, $expiry, $path, $domain, $secure, $http );
    if( empty( $_SESSION[ $sessionname ] ) && isset( $_COOKIE[ $cookiename ] ) ){
        $_SESSION[ $sessionname ]=(object)array(
            'expiry'    =>  $_COOKIE[ $cookiename ],
            'active'    =>  0
        );
    }

    if( !empty( $_SESSION[ $sessionname ] ) && !empty( $_COOKIE[ $cookiename ] ) ){
        if( time() > $_SESSION[ $sessionname ]->expiry ){
            /*
                destroy the cookie & session as the current
                time is now greater than the year timestamp
                set in the cookie
            */
            if( ini_get( 'session.use_cookies' ) ) {
                /*
                    expire the cookie using the same path, domain and flags
                    it was set with, otherwise the browser will not remove it
                */
                setcookie( $cookiename, '', time() - 42000, $path, $domain, $secure, $http );

                /* kill the session */
                session_destroy();

                /* optionally redirect the user somewhere */
                header( 'Location: ?session=terminated' );
                exit;
            }
        } else {
            /* update the session to indicate last active time */
            $_SESSION[ $sessionname ]->active=time();
        }
    }

Professor Abronsius
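
The answer above stores the expiry timestamp as the plain cookie value, which the browser user can edit. The following is an added example, not code from the question or the answer, showing one way to make a year-long login cookie tamper-evident with an HMAC; the key, the `userId|expiry|mac` layout, the function names and user id 42 are assumptions made for illustration.

```php
<?php
// Added example: a signed long-lived login cookie. Not from the original thread.
// SECRET_KEY, the payload layout and the sample user id are constructed values.
declare(strict_types=1);

const SECRET_KEY = 'replace-with-32-random-bytes-from-server-config'; // placeholder
const LIFETIME   = 60 * 60 * 24 * 365;   // one year in seconds, as in the answer

/* Build "userId|expiry|mac"; the MAC covers both the user id and the expiry. */
function make_login_cookie(int $userId, int $now): string
{
    $payload = $userId . '|' . ($now + LIFETIME);
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET_KEY);
}

/* Return the user id if the cookie is authentic and unexpired, otherwise null. */
function check_login_cookie(string $cookie, int $now): ?int
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return null;                                  // malformed value
    }
    [$userId, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $userId . '|' . $expiry, SECRET_KEY);
    if (!hash_equals($expected, $mac)) {              // constant-time comparison
        return null;                                  // value was altered client-side
    }
    return $now <= (int) $expiry ? (int) $userId : null;
}

// Constructed demonstration: one genuine cookie and one with an edited expiry.
$now    = time();
$cookie = make_login_cookie(42, $now);
[$id, $exp, $mac] = explode('|', $cookie);
$forged = $id . '|' . ($exp + LIFETIME) . '|' . $mac;

var_dump(check_login_cookie($cookie, $now));                 // untouched cookie
var_dump(check_login_cookie($forged, $now));                 // expiry edited, MAC reused
var_dump(check_login_cookie($cookie, $now + LIFETIME + 1));  // presented after expiry

// In a request handler the cookie would be sent with the same flags the answer uses:
// setcookie('extended-login', $cookie, ['expires' => $now + LIFETIME, 'path' => '/',
//           'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
```

Signing only prevents editing; a copied cookie stays valid until it expires, so logging a user out everywhere also needs a server-side record that can be revoked.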