[nycphp-talk] Session cookie expiration issue
tedd
tedd at sperling.com
Wed Mar 8 16:27:54 EST 2006
>session_start() is definitely being called in every invocation of
>ever page on the site. (It's in a global include file.) I am not
>jumping in and out of HTTPS, so I will turn them off.
>
>Any other ideas?
>
>
>Thanks,
>
>Stephen
Stephen:
As you have experienced, session's have a 20 minute life-span if
there is no activity from the user. Why it's not holding for you, I
don't know.
The statement session_start() is only used once per script -- I don't
know if it's reactivated by calling it from another script or not.
You could try activating session_start() and then regenerating
another session_id() by using session_regenerate_id(). It goes like
this:
ob_start();
session_start(0;
session_regenerate_id();
ob_end_flush;
This just changes the session_id while leaving all the data intact --
that may reset the time.
Another idea, to maintain the session state, is you might try using
cookies by sending a cookie with the name PHPSESSID to the client.
However, you need to have session_use_cookie = 1 in your php.int.
If the client doesn't support cookies, then you can use
session_use_trans_sid = 0 and then PHP will automatically appends the
session ID to the URL.
The other option is to not allow sessions at all, but instead only
use cookies by changing session.use_only_cookies = 1 in you php.int
directive.
That's all I can find and think of.
HTH's
tedd
--
--------------------------------------------------------------------------------
http://sperling.com
More information about the talk
mailing list