session dies before browser is closed

edspace

Hello.
I basically use sessions to manage a music website where people can listen to the files in a pop-up window with a real player plug-in.

When someone loads album.php I start a session and then transfer that session to play.php, which is opened in a pop-up window. In the pop-up window (play.php) I load a real player plugin that calls play2.php and based on the different variables that are registered in that session I either play the file or send them an error message.

The reason for the complicated system is a long story but it’s basically designed this way to hide the URL of the real player file.
It works great for most of the time but I have noticed that the session expires after a certain inactive time even if the browser window (album.php) is not closed.

All the variables in php.ini are set to default. SID is enabled and I am not sure why the session expires. I think it has something to do with the pop-up. I use window.open() for the pop-up.

Can anyone help me understand this? Is there a more reliable way to transfer the session between main window>>pop-up>>real player plugin? I use SID but that is included in the URL only when cookies are not available.

Thanks

loteck

When someone loads album.php I start a session and then transfer that session to play.php, which is opened in a pop-up window. In the pop-up window (play.php) I load a real player plugin that calls play2.php

i hate to bother you with n00b ignorance, but the first question that comes to my mind is:

why do you start the session in album.php and pass it to the pop-up instead of starting the session in play.php? Since you seem to think the problem might be in calling the popup, if you did start the session in play.php might that provide any kind of relief from the problem?

you seem to have a level of knowledge greater than mine, so if these ideas are totally irrelevant or beside the point, i'd appreciate an explanation on why for my educational benefit, if you have the time. Still learning, you know 😉

thanks.

edspace

In album.php I register a variable x.
When play.php is run I check to see if x is registered under that session. If x is registered then i know that the user came from album.php and did not open play.php from some other site that has stolen my links.

edspace

I think I fixed this myself. I had designed the site to use trans-id and SID and today I changed it to use session_name() and session_id() and it seems to work much better. Now all the links have the session ID and I don't rely on trans-id. SID can sometimes be empty but session_name() and session_id() always return the name and ID. Even if I use the pop-up the session is still passed from one page to the other.

Hope this helps someone else.