Session Expieres before Browser Close

imranlink

Hi,

I am using SESSION for Login Verification on my website. The problem i am facing is that My page Session Expires after 30 minuntes. Can you please let me how can i make it alive untill unless visiter close his browser?

PHP.ini Settings

PHP Version 4.3.4

[Session]
session.save_handler = files
session.save_path = C:\PHP\sessiondata
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0

session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_maxlifetime = 1440
session.referer_check =
session.entropy_length = 0
session.entropy_file =
; session.entropy_length = 16
; session.entropy_file = /dev/urandom
session.cache_limiter =
session.cache_expire = 180
session.use_trans_sid = 0
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Login.php


session_start();
session_register("auth");
$HTTP_SESSION_VARS["auth"] = 1;

Welcome.php


session_cache_limiter('nocache');
session_start();
session_register("auth");
if($HTTP_SESSION_VARS["auth"] == 1)
{ 
	header("Location login.php");
	exit(0);
}
else
{
	echo "welcome";
}

Sincerely,

Imran Khalid (PHP Web Developer)
http://imrankhalid.5u.com
Email: imranlink@hotmail.com
...........................................................

Drakla

You're using old methods of talking to php - today it's done like this - your first script

 session_start();

$_SESSION['auth'] = 1;

Then in your second script

session_start();

if($_SESSION['auth'] == 1)
{ 
    header("Location login.php");
    exit(0);
}
else
{
    echo "welcome";
}

I've left out your cache limiter

imranlink

But this again expire the page after n minuntes before the visiter close his browser.

Drakla

You know with your code you are relocating them if they're given the session value of 1, yes? It would naturally seem to need to relocate them if auth != 1

toplay

imranlink, you're a PHP web developer with the "Objective: To be one of the legendary figures in the field of IT." So, learn about all the various PHP session settings here: http://us3.php.net/session because you don't seem to understand how PHP sessions work.

Also, read the caution boxes at: http://us3.php.net/manual/en/function.session-register.php

LoganK

toplay wrote:
imranlink, you're a PHP web developer with the "Objective: To be one of the legendary figures in the field of IT."

Where'd you see that?

toplay

LoganK wrote:
Where'd you see that?

From his web site listed in his signature line from his original topic post (which he seemed to have removed since).

http://imrankhalid.5u.com

LoganK

Nice pic 😃

I personally don't like pics of me on the web. Too easy for creeps to look up people.

hth (borrowed with [hopefully] gracious consent from toplay)

imranlink

Well,

I have read in manual that its not possible to save Session as long as Visiter stay in his Browser Window. Any limit of session time have to expire before the end of the BROWSER session.

In Session we must have to set an expiry time of the Session. We can increase the time to 60x24 minuntes for one day expiry in php.ini but after that it again has to expire if browser not closed.

COOKIE system based on more Parameters(Options). We can set Cookie expire after certain minuntes or be active untill unless the visiter close his browser.

if you set a cookie expiration to NULL, it will be deleted at the end of the BROWSER session. As soon as you close that browser window (or the whole browser program, depending on the browser), the cookie is deleted. This is different from a PHP session. A PHP session is data stored on the SERVER, and linked to a user by means of a session cookie.

Some times also maintain PHP sessions without cookies... by appending the session_id to each and every internal UR L (which us very tedious from a programming standpoint).

PHP sessions have expiration dates. If you don't set one, it is usually 30 minutes. After a PHP session is expired or destroyed, the session cookie it set on the user's computer is worthless, because it refers to a session that no longer exists. As well, the cookie contains no user info (user name, encrypted password, etc), only the worthless PHP session id. Of course, a PHP session cookie can have its own expiration date, but it would be silly to set it to expire before the PHP session expires.

If you changed that expiration value to NULL, the cookie would be deleted every time you closed your browser (really good for the paranoid).

Sincerely,

Imran Khalid (PHP Web Developer)
http://imrankhalid.5u.com
Email: imranlink@hotmail.com
...........................................................

LoganK

So.........is this resolved?

imranlink

Yes,
Result is that we can not use seesion for this purpose.
We must have to use Cookie.

Drakla

If you've got a database handy then write your own session handler that the server doesn't mop up for a long time.

LoganK

imranlink wrote:
Yes,
Result is that we can not use seesion for this purpose.
We must have to use Cookie.

At least you got it resolved! Please mark this resolved.