NYCPHP Meetup

NYPHP.org

[nycphp-talk] Session timing out too soon

Dan Cech dcech at phpwerx.net
Thu Dec 4 09:23:27 EST 2008


Aaron Fischer wrote:
> I would like to have the user be able to be logged in for a full eight
> hour day, regardless of their level of activity.
> 
> How would I do this?  I would appreciate any suggestions.  Also of note,
> I am in a shared hosting environment.
> 
> I tried three different solutions without any luck so far:
> 1) Using session_set_cookie_params() to extend the lifetime of the
> session cookie.

The default setting of 0 for session.cookie_lifetime means 'until the
browser is closed', so you shouldn't need to mess with this.

> 2) Using a javascript function to to periodically call an image to
> simulate page activity.

You're on the right track here, but you need to be calling a php script
which accesses the session to renew the last access time.  Just
requesting a static image won't do it.

> 3) Using ini_set(session.gc_maxlifetime) to set the the number of
> seconds for php to wait before data may be seen as garbage and be
> cleaned up.

The problem you're most likely having here is that any scripts on the
machine which don't have this setting will trigger the session garbage
collector with the default settings, and cheerfully delete your session
files.

If you switch to a custom session storage system (ie, database-backed
sessions), then you can control the GC this way because they won't be
cleaned up by the default garbage collector.

Dan




More information about the talk mailing list