Before, my problem was that my sessions were being terminated spontaneously. It looks like I've managed to fix that problem - so far I haven't been randomly logged off my application. The problem is, according to my php.ini settings, my session should have been terminated after 2 hours; it's been almost 5 hours now...
My php.ini:
<snip>
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime =0
; Percentual probability that the 'garbage collection' process is started
; on every session initialization.
session.gc_probability =100
; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime =7200
</snip>
After making the above changes in my php.ini, it looks like the JavaScript timer I have in the headers of my authenticated pages does not work anymore. This JavaScript is supposed to pop up a warning message at 18 minutes of inactivity, and at 20 minutes, redirect the user to the logout page, which calls session_destroy().
The JS looks like:
<snip>
<script language="JavaScript">
<!--
function timeout_2MinuteAlert()
{
    if(confirm('Warning: You are about to time out. As a security measure, we log you out after 20 minutes of inactivity. You have been inactive for 18 minutes. Click "Ok" within the next 2 minutes to continue with your application, otherwise you will be logged out. If you are logged out, you will need to log in again to continue your session.'))
    {
        history.go(0)
    }
}
function timeout_FinalAlert()
{
    if(confirm('Warning: You have timed out. As a security measure, you have been logged out after 20 minutes of inactivity. Click "Ok" again to return to log in again to continue your session.'))
    {
        history.go(0)
    }
}
setTimeout('timeout_2MinuteAlert()', 1080000); // = 18 minutes
setTimeout('timeout_FinalAlert()', 1212000); // = 20 minutes
//-->
</script>
</snip>
What happens is that the JavaScript gets to the 18 minute warning, but never gets to the 20 minute warning; the user is not redirected to the logout page. Ideally, I would like to have this work. I would like the user to be able to click around on the site without their session expiring indefinitely, but at 18 minutes of inactivity, have this JavaScript pop up a warning message, and at 20 mins of inactivity have them be automatically redirected to the logout page and their session destroyed.
What am I doing wrong?
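
Added example, not part of the original post: an idle timer built on a last-activity timestamp, using the 18 and 20 minute thresholds from the question. It resets on user activity and shows a non-blocking warning instead of a modal `confirm()` dialog, which pauses script execution while it is open. The `/logout.php` URL and the `idle-warning` element id are assumed names.

```javascript
// Added example: idle timeout driven by a last-activity timestamp.
const WARN_AFTER_MS = 18 * 60 * 1000;   // warning threshold from the post
const LOGOUT_AFTER_MS = 20 * 60 * 1000; // logout threshold from the post

// Pure decision function: which state is a session in, given its idle time?
function idleState(lastActivityMs, nowMs) {
  const idle = nowMs - lastActivityMs;
  if (idle >= LOGOUT_AFTER_MS) return 'expired';
  if (idle >= WARN_AFTER_MS) return 'warn';
  return 'active';
}

// Watcher with an injectable clock so it can be exercised without waiting.
function createIdleWatcher({ now, onWarn, onExpire }) {
  let lastActivity = now();
  let warned = false;
  let expired = false;
  return {
    // Call on real user activity (click, keypress).
    touch() {
      if (expired) return; // an expired session is not revived client-side
      lastActivity = now();
      warned = false;
    },
    // Call periodically; each callback fires at most once per idle period.
    tick() {
      if (expired) return 'expired';
      const state = idleState(lastActivity, now());
      if (state === 'expired') { expired = true; onExpire(); }
      else if (state === 'warn' && !warned) { warned = true; onWarn(); }
      return state;
    },
  };
}

// Browser wiring, skipped outside a browser. '/logout.php' and the
// 'idle-warning' element (assumed to exist in the page) are hypothetical.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  const banner = () => document.getElementById('idle-warning');
  const watcher = createIdleWatcher({
    now: () => Date.now(),
    onWarn: () => { banner().hidden = false; },
    onExpire: () => { window.location.href = '/logout.php'; },
  });
  ['click', 'keydown'].forEach((ev) => document.addEventListener(ev, () => {
    watcher.touch();
    banner().hidden = true;
  }));
  setInterval(() => watcher.tick(), 15 * 1000);
}
```

A client-side timer like this is only a convenience for the user. The server should apply the same idle check against a last-activity time stored in the session on every request, because `session.gc_maxlifetime` only marks stored data as eligible for garbage collection.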