944,150 Members | Top Members by Rank

Web Development > PHP > how to set a session to destroy itself unset whatever in a certain amount of time
Ad:
  • PHP Discussion Thread
  • Unsolved
  • Views: 2612
  • PHP RSS
You are currently viewing page 1 of this multi-page discussion thread
Permalink
Nov 2nd, 2009
0

how to set a session to destroy itself unset whatever in a certain amount of time

Expand Post »
i found that your supposed to use this:
session.gc_maxlifetime
but i dont know how. does anyone know how i can destroy a log in session so the user wont be logged in 30 minutes later.
?
Similar Threads
Reputation Points: 15
Solved Threads: 7
Posting Pro in Training
SKANK!!!!! is offline Offline
428 posts
since Apr 2009
Permalink
Nov 3rd, 2009
0
Re: how to set a session to destroy itself unset whatever in a certain amount of time
Hey.

Yea, you set the session.gc_maxlifetime variable in the php.ini file to limit the time a session can stay idle.

If you don't know where the php.ini file is, create a file with just: <?php phpinfo(); ?> and look for the "Loaded Configuration File" value. That will contain the path to the configuration file you need to edit.

Once you find it, just open it up, search for the variable, set it to 1800 (30 minutes), save, restart your HTTP server and you are good to go.
Reputation Points: 93
Solved Threads: 70
Posting Pro
Atli is offline Offline
526 posts
since May 2007
Permalink
Nov 3rd, 2009
0
Re: how to set a session to destroy itself unset whatever in a certain amount of time
dont know where the ini file is so i did the php info thing came up a huge table and i did find in my browser there is no loaded configuration file anywhere on the page. im lost
Reputation Points: 15
Solved Threads: 7
Posting Pro in Training
SKANK!!!!! is offline Offline
428 posts
since Apr 2009
Permalink
Nov 3rd, 2009
0
Re: how to set a session to destroy itself unset whatever in a certain amount of time
It should be very close to the top.
See the attached image. It shows where it is on my PC.
Attached Thumbnails
Click image for larger version Name: phpinfo_phpini_location.jpeg Views: 36 Size: 44.8 KB ID: 12434  
Reputation Points: 93
Solved Threads: 70
Posting Pro
Atli is offline Offline
526 posts
since May 2007
Permalink
Nov 3rd, 2009
0
Re: how to set a session to destroy itself unset whatever in a certain amount of time
mines way different its a free host so i dont know if that changes anything
PHP Syntax (Toggle Plain Text)
  1. disable_functions	exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,dl,popen,popen,pcntl_exec,socket_accept,socket_bind,socket_clear_error,socket_close,socket_connect,socket_create_listen,socket_create_pair,socket_create,socket_get_option,socket_getpeername,socket_getsockname,socket_last_error,socket_listen,socket_read,socket_recv,socket_recvfrom,socket_select,socket_send,socket_sendto,socket_set_block,socket_set_nonblock,socket_set_option,socket_shutdown,socket_strerror,socket_write,stream_socket_client,stream_socket_server,pfsockopen,stream_set_timeout,disk_total_space,disk_free_space,chown,diskfreespace,getrusage,get_current_user,set_time_limit,getmyuid,getmypid,dl,leak,listen,chgrp,link,symlink,dlopen,proc_nice,proc_get_stats,proc_terminate,shell_exec,sh2_exec,posix_getpwuid,posix_getgrgid,posix_kill,ini_restore,mkfifo,dbmopen,dbase_open,filepro,filepro_rowcount,posix_mkfifo,putenv,geoip_open,sleep	exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,dl,popen,popen,pcntl_exec,socket_accept,socket_bind,socket_clear_error,socket_close,socket_connect,socket_create_listen,socket_create_pair,socket_create,socket_get_option,socket_getpeername,socket_getsockname,socket_last_error,socket_listen,socket_read,socket_recv,socket_recvfrom,socket_select,socket_send,socket_sendto,socket_set_block,socket_set_nonblock,socket_set_option,socket_shutdown,socket_strerror,socket_write,stream_socket_client,stream_socket_server,pfsockopen,stream_set_timeout,disk_total_space,disk_free_space,chown,diskfreespace,getrusage,get_current_user,set_time_limit,getmyuid,getmypid,dl,leak,listen,chgrp,link,symlink,dlopen,proc_nice,proc_get_stats,proc_terminate,shell_exec,sh2_exec,posix_getpwuid,posix_getgrgid,posix_kill,ini_restore,mkfifo,dbmopen,dbase_open,filepro,filepro_rowcount,posix_mkfifo,putenv,geoip_open,sleep
thats like basically the only thing with ini in it. and loaded or loading the one u put my browser cant find the word at all
Reputation Points: 15
Solved Threads: 7
Posting Pro in Training
SKANK!!!!! is offline Offline
428 posts
since Apr 2009
Permalink
Nov 3rd, 2009
0
Re: how to set a session to destroy itself unset whatever in a certain amount of time
Ahh ok, so you don't control the server yourself. That complicates these sort of things.

An easy way around this is to just manually destroy the session in your scripts by keeping track of when the user is active and destroy the session when he is idle for to long.

php Syntax (Toggle Plain Text)
  1. <?php
  2. session_start();
  3. if(isset($_SESSION['last_seen']) && (time() - $_SESSION['last_seen']) > 1800) {
  4.     session_destroy();
  5. }
  6. else {
  7.     $_SESSION['last_seen'] = time();
  8. }
  9. ?>
If you were to add this, or include it, at the top of every page, it would destroy the session if the user was idle for more than 30 minutes.
Reputation Points: 93
Solved Threads: 70
Posting Pro
Atli is offline Offline
526 posts
since May 2007
Permalink
Nov 3rd, 2009
0
Re: how to set a session to destroy itself unset whatever in a certain amount of time
thanks that makes sense! i have a question. is there a way to change it so all sessions are destroyed on everyones computer so they arent logged in when they havent been loading a page within 30 minutes even if they didnt get to load them page to destroy their session with the above code?

is that like a cron job thing or something?
Reputation Points: 15
Solved Threads: 7
Posting Pro in Training
SKANK!!!!! is offline Offline
428 posts
since Apr 2009
Permalink
Nov 3rd, 2009
0
Re: how to set a session to destroy itself unset whatever in a certain amount of time
Sure, but any method that would allow for that would require control over key areas of the server, which you are unlikely to have on a free, shared server.

If you did have the access, you could write a script that cleans out the temporary session files, stored in the directory specified in the session.save_path directive. (Or the OSs default temporary path.)
That could be set to execute periodically using crontab, or something equivalent.

But PHP automatically cleans up session data after the session expires, so there is really no need for that. Not to mention that your script might accidentally clear out sessions that aren't meant to be cleared out, whereas PHP won't.

The method I posted before, where I call session_destroy() would only be needed in the time-frame between the 30 minutes specified int he PHP script, and the time specified in the session.gc_maxlifetime directive. After that, PHP will automatically destroy the session.
Reputation Points: 93
Solved Threads: 70
Posting Pro
Atli is offline Offline
526 posts
since May 2007
Permalink
Nov 3rd, 2009
0
Re: how to set a session to destroy itself unset whatever in a certain amount of time
Click to Expand / Collapse  Quote originally posted by Atli ...
Sure, but any method that would allow for that would require control over key areas of the server, which you are unlikely to have on a free, shared server.

If you did have the access, you could write a script that cleans out the temporary session files, stored in the directory specified in the session.save_path directive. (Or the OSs default temporary path.)
That could be set to execute periodically using crontab, or something equivalent.

But PHP automatically cleans up session data after the session expires, so there is really no need for that. Not to mention that your script might accidentally clear out sessions that aren't meant to be cleared out, whereas PHP won't.

The method I posted before, where I call session_destroy() would only be needed in the time-frame between the 30 minutes specified int he PHP script, and the time specified in the session.gc_maxlifetime directive. After that, PHP will automatically destroy the session.
ok what r the reasons to make sessions expire like after 30 minutes? is there a way for people to hack them or something? id ont understand why people do it
Reputation Points: 15
Solved Threads: 7
Posting Pro in Training
SKANK!!!!! is offline Offline
428 posts
since Apr 2009
Permalink
Nov 4th, 2009
0
Re: how to set a session to destroy itself unset whatever in a certain amount of time
Yes, it is a security measure, limiting the window for a session hijacking.

There are ways for malicious persons to obtain your session cookie, which gives them the ability to hijack an open session. The less time the session is left idle, the less time the hijackers have to hijack it.
Not exactly bullet proof, but in cases like these our options are kind of limited.

Aside from that, this is also just a matter of clearing up the unused session data laying around on the server. Session are only meant to be temporary storage, lasting a single "session". If you leave for an extended period, once you return and resume what you were doing, that would be considered a new session. How long that period is, that is up to you.
Reputation Points: 93
Solved Threads: 70
Posting Pro
Atli is offline Offline
526 posts
since May 2007

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in PHP Forum Timeline: using variable substitutions in conditional statements
Next Thread in PHP Forum Timeline: need help with table


Tags
destroy, gc_maxlifetime, question, sessions, unset



About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC