I'm a bit stuck here. I've made a quick website for work to make it easier then filling in a google spreadsheet, however, I've got a little stuck on the sessions.
If you sit on a page for over fifteen minutes when you try to navigate to the next it logs you out and you have to log in again, potentially losing any edits on the previous page. I'm trying to increase that to two hours figuring no one's going to nip to the bathroom or grab a coffee for that long.
So I increased my session.gc_maxlifetime & session.cookie_lifetime in my php.ini to two hours:
session.gc_maxlifetime = 7200
session.cookie_lifetime = 7200
The way my host manages this is on a per site basis so has thrown a bunch of code into the .htaccess, user.ini and a php.ini in the root directory of my site.
However, my site keeps logging out after every fifteen minutes.
Each page starts with:
session_start([
'use_only_cookies' => 1,
'cookie_lifetime' => 0,
'cookie_secure' => 1,
'cookie_httponly' => 1
]);
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 7200)) {
session_unset();
session_destroy();
}
$_SESSION['LAST_ACTIVITY'] = time();
if (!isset($_SESSION['CREATED'])) {
$_SESSION['CREATED'] = time();
} else if (time() - $_SESSION['CREATED'] > 5200) {
session_regenerate_id(true);
$_SESSION['CREATED'] = time();
}
Which I've taken from:
How do I expire a PHP session after 30 minutes?
https://guides.codepath.com/websecurity/PHP-Cookies-and-Sessions
However, adding this hasn't changed the behaviour from just having session_start(); but I've left it in as it seems it would be useful, if it worked. I've seen mention of using:
int_set('session.gc_maxlifetime',7200);
but when I throw that into my site it doesn't load, HTTP ERROR 500 in the browser and:
PHP Fatal error: Uncaught Error: Call to undefined function int_set() in /home/host/www.site.com/includes/session_log.php:2
in the log file (row 1 being <?php btw, from what I read it needed to go at the very start, so I moved the session_start([ stuff down a row for it).
The server is Apache 2.4.41 with PHP 7.3.11
I've looked at the cookie the site sets and nothing seems amiss there:
PHPSESSID
Name
PHPSESSID
Content
1d25972d16762a4af8c4d65ad42e1249
Domain
www.site.com
Path
/
Send for
Any kind of connection
Accessible to script
Yes
Created
Sunday, 5 January 2020 at 13:47:54
Expires
When the browsing session ends
Not being an actual programmer I'm at a bit of a loss here, usually I can google my way to an answer (usually found on Stack Overflow) but not managing it today as everything I've read, I've tried, and I still can't get passed the fifteen minute time out.
Just for clarity, it's fifteen minutes from the last page load, not sign in, so something is working to refresh the users session, just can't seem to increment that past fifteen minutes = \
