how to set a session to destroy itself unset whatever in a certain amount of time

#1 - SKANK!!!!! - 23 Days Ago
I found that you're supposed to use this:
session.gc_maxlifetime
but I don't know how. Does anyone know how I can destroy a login session so the user won't be logged in 30 minutes later?

#2 - Atli - 23 Days Ago
Hey.

Yea, you set the session.gc_maxlifetime variable in the php.ini file to limit the time a session can stay idle.

If you don't know where the php.ini file is, create a file with just: <?php phpinfo(); ?> and look for the "Loaded Configuration File" value. That will contain the path to the configuration file you need to edit.

Once you find it, just open it up, search for the variable, set it to 1800 (30 minutes), save, restart your HTTP server and you are good to go.
Please do not ask for help in a PM. Use the forums.
And use [code] tags!

#3 - SKANK!!!!! - 23 Days Ago
I don't know where the ini file is, so I did the phpinfo thing. It came up with a huge table, and I did a find in my browser: there is no "Loaded Configuration File" anywhere on the page. I'm lost.

#4 - Atli - 23 Days Ago
It should be very close to the top.
See the attached image. It shows where it is on my PC.
Attached Thumbnails
phpinfo_phpini_location.jpeg  

#5 - SKANK!!!!! - 23 Days Ago
Mine's way different. It's a free host, so I don't know if that changes anything.
disable_functions exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,dl,popen,popen,pcntl_exec,socket_accept,socket_bind,socket_clear_error,socket_close,socket_connect,socket_create_listen,socket_create_pair,socket_create,socket_get_option,socket_getpeername,socket_getsockname,socket_last_error,socket_listen,socket_read,socket_recv,socket_recvfrom,socket_select,socket_send,socket_sendto,socket_set_block,socket_set_nonblock,socket_set_option,socket_shutdown,socket_strerror,socket_write,stream_socket_client,stream_socket_server,pfsockopen,stream_set_timeout,disk_total_space,disk_free_space,chown,diskfreespace,getrusage,get_current_user,set_time_limit,getmyuid,getmypid,dl,leak,listen,chgrp,link,symlink,dlopen,proc_nice,proc_get_stats,proc_terminate,shell_exec,sh2_exec,posix_getpwuid,posix_getgrgid,posix_kill,ini_restore,mkfifo,dbmopen,dbase_open,filepro,filepro_rowcount,posix_mkfifo,putenv,geoip_open,sleep
That's like basically the only thing with ini in it. And "loaded" or "loading", the one you put, my browser can't find the word at all.

#6 - Atli - 23 Days Ago
Ahh ok, so you don't control the server yourself. That complicates these sorts of things.

An easy way around this is to just manually destroy the session in your scripts by keeping track of when the user is active and destroy the session when he is idle for too long.

    <?php
    session_start();
    // Idle for more than 1800 seconds (30 minutes)? Then end the session.
    if (isset($_SESSION['last_seen']) && (time() - $_SESSION['last_seen']) > 1800) {
        session_unset();    // also empty $_SESSION for the rest of this request
        session_destroy();  // delete the session data stored on the server
    }
    else {
        // Still active: record the time of this request.
        $_SESSION['last_seen'] = time();
    }
    ?>
If you were to add this, or include it, at the top of every page, it would destroy the session if the user was idle for more than 30 minutes.
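
Added example (not part of Atli's post or the original thread): the idle check from post #6, extended beyond the post with an absolute cap on session age, and with the session cookie and the in-request `$_SESSION` array cleared as well. `ABSOLUTE_LIMIT`, the `created` key and the function names are assumptions made for this example.

```php
<?php
// Added example. 'created', ABSOLUTE_LIMIT and the function names are assumptions.
const IDLE_LIMIT = 1800;      // 30 minutes, as in the thread
const ABSOLUTE_LIMIT = 28800; // assumed 8-hour cap on total session age

// Pure decision so it can be checked without a web server.
function session_is_expired(array $data, int $now): bool
{
    $idle = isset($data['last_seen']) && ($now - $data['last_seen']) > IDLE_LIMIT;
    $aged = isset($data['created']) && ($now - $data['created']) > ABSOLUTE_LIMIT;
    return $idle || $aged;
}

// session_destroy() alone leaves $_SESSION filled and the cookie in the browser.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Call at the top of every page; false means the session was just ended.
function start_session_with_timeouts(): bool
{
    session_start();
    $now = time();
    if (session_is_expired($_SESSION, $now)) {
        end_session();
        return false;
    }
    $_SESSION['created'] = $_SESSION['created'] ?? $now;
    $_SESSION['last_seen'] = $now;
    return true;
}

// Constructed sample data: one request time and three stored sessions.
$now = 1700000000;
$samples = [
    'active'      => ['created' => $now - 600,   'last_seen' => $now - 60],
    'idle 31 min' => ['created' => $now - 3600,  'last_seen' => $now - 1860],
    'busy 9 h'    => ['created' => $now - 32400, 'last_seen' => $now - 5],
];
foreach ($samples as $label => $data) {
    echo $label, ': ', session_is_expired($data, $now) ? 'expired' : 'valid', "\n";
}
```

The absolute cap covers the case the idle check cannot: a session that is kept busy never goes idle, so without a cap on total age it never expires.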

#7 - SKANK!!!!! - 22 Days Ago
Thanks, that makes sense! I have a question. Is there a way to change it so all sessions are destroyed on everyone's computer, so they aren't logged in when they haven't been loading a page within 30 minutes, even if they didn't get to load the page to destroy their session with the above code?

Is that like a cron job thing or something?

#8 - Atli - 22 Days Ago
Sure, but any method that would allow for that would require control over key areas of the server, which you are unlikely to have on a free, shared server.

If you did have the access, you could write a script that cleans out the temporary session files, stored in the directory specified in the session.save_path directive. (Or the OS's default temporary path.)
That could be set to execute periodically using crontab, or something equivalent.

But PHP automatically cleans up session data after the session expires, so there is really no need for that. Not to mention that your script might accidentally clear out sessions that aren't meant to be cleared out, whereas PHP won't.

The method I posted before, where I call session_destroy(), would only be needed in the time-frame between the 30 minutes specified in the PHP script, and the time specified in the session.gc_maxlifetime directive. After that, PHP will automatically destroy the session.

#9 - SKANK!!!!! - 22 Days Ago
OK, what are the reasons to make sessions expire like after 30 minutes? Is there a way for people to hack them or something? I don't understand why people do it.

#10 - Atli - 22 Days Ago
Yes, it is a security measure, limiting the window for a session hijacking.

There are ways for malicious persons to obtain your session cookie, which gives them the ability to hijack an open session. The less time the session is left idle, the less time the hijackers have to hijack it.
Not exactly bulletproof, but in cases like these our options are kind of limited.

Aside from that, this is also just a matter of clearing up the unused session data lying around on the server. Sessions are only meant to be temporary storage, lasting a single "session". If you leave for an extended period, once you return and resume what you were doing, that would be considered a new session. How long that period is, that is up to you.
©2003 - 2009 DaniWeb® LLC