Hi there. I have a built and implemented a user-authentication system which uses PHP sessions to track users as they move from page to page.
The login page authenticates the user's username & password against a MySQL database and, if they are a recognised user, registers their user ID and e-mail address using session_register.
All pages in the site start with:
<?
session_start();
and everything seems to be working fine; users can log in, navigate the site, log out.
However. If a user tries to follow a link to another page after their browser has been inactive for more than about twenty minutes (I have no way to be more exact without conducting a lot of time-consuming tests) then they get logged off.
I've done some reading around and I think I understand that the session is expiring after some default period of browser inactivity. I'd like to increase this period to one hour, i.e. a user can leave their browser inactive for up to 60 minutes (3600 seconds) without the session expiring.
I've tried using:
<?
session_start();
session_set_cookie_params (60);
at the top of every page (set to 60 seconds in order to make it easier to test if it's working or not) but it doesn't appear to be affecting things. The user is still fine after 5 minutes of inactivity, but no good after 25.
I have used session_get_cookie_params(); and get the following output:
lifetime) 60
path) /
domain)
secure)
so although the session_set_cookie_params (60); is "working", I guess I must be barking up the wrong tree with the cookie parameters.
Can anyone point me in the right direction for setting the session, not just the cookie, lifetime?
I hope I've provided enough information - and that I'm asking the right questions... Thanks in advance for any help.
Saxnet,
Tokyo
