0

I have an issue on SESSION. I need a session of 12 hours, so that I have to login in the morning and can access my website whole day long.

I did the following in .htaccess

php_value session.cookie_lifetime 43200
php_value session.gc_maxlifetime 43200
php_value session.cache_expire 43200

In my index.php i have inserted the code below:

echo ini_get("session.cookie_lifetime").'<br />';
echo ini_get("session.gc_maxlifetime").'<br />';
echo ini_get("session.cache_expire").'<br />';

The resuilt I got:

43200
43200
43200

However if I don't do anything on my website of an hour, the session will be destoryed.

Anyone who can help me out?

edCoder
  • 1,130
  • 2
  • 18
  • 30
AndVla
  • 683
  • 2
  • 6
  • 18
  • Have you used chrome tools to inspect the cookie's expiration? – used2could Sep 24 '14 at 11:18
  • When using Debian, google for "debian php gc session" - Debian PHP session cleaning works a bit different, by using a cronjob. Personally, I encourage everyone to switch to memcached session handler. – Daniel W. Sep 24 '14 at 12:21
  • I know this is not what you asked, however, it would be 'better' to store the login details in in a cookie and 'auto login' using the details in the cookie. i.e. set the session login details via the 'auto login' cookie details. Details here: [3128985/php-loginsystem-remember-me](http://stackoverflow.com/questions/3128985/php-loginsystem-remember-me). Some hosting site prohibit long session times. – Ryan Vincent Sep 24 '14 at 12:31
  • @RyanVincent Don't :-( Don't store credentials (no matter if encrypted or not) in Cookies. Leave them in the Session, which is getting stored on the server. – Daniel W. Sep 24 '14 at 13:08
  • 2
    @DanFromGermany, Sorry, i should have made it clear to not store direct 'login credentials' in the cookie. Instead, generate a 'unique random reference' and store the cureent user login details in the database with the 'reference' as a key. The 'reference' is what is stored in the cookie. It is changed on every 'auto login'. Also, certain user edit functions are not allowed when access is via 'auto login'. – Ryan Vincent Sep 24 '14 at 13:45
  • 1
    @RyanVincent I just ment to add a useful extra notice to your helpful comments, it's all fine, you're welcome :-) – Daniel W. Sep 24 '14 at 13:49
  • @used2could No I didn't try it. Can you give some more info on that case, as I'm not sure if I understood you well. – AndVla Sep 24 '14 at 16:12
  • @RyanVincent That's exactly what I'm planning to do if I wont get it up and running using existing functionality. Thank you anyway! – AndVla Sep 24 '14 at 16:15

1 Answers1

0

This should do the trick:

ini_set('session.cookie_lifetime',12*60*60);
ini_set('session.gc_maxlifetime',12*60*60);
ini_set('session.cache_expire',12*60*60);
session_start();

Remember to set the environment parameters BEFORE you start any sessions. Also be careful, NEVER set the value over 65535, which is a bit more than 18 hours!

Gipsz Jakab
  • 395
  • 2
  • 9
  • Should I do it also in PHP if the following returns 43200: ini_get("session.cookie_lifetime");? In my opinion that wont change anything if I do it once more using PHP. Correct me if I'm wrong. – AndVla Sep 24 '14 at 16:18
  • you can be sure this way that your script will use the correct settings. – Gipsz Jakab Sep 24 '14 at 16:28