Session timeout

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
JKM
Forum Contributor
Posts: 221
Joined: Tue Jun 17, 2008 8:12 pm

Session timeout

Post by JKM »

How can I make a session last forever (or until someone are closing their browser)?
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Session timeout

Post by jackpf »

JKM
Forum Contributor
Posts: 221
Joined: Tue Jun 17, 2008 8:12 pm

Re: Session timeout

Post by JKM »

Thanks, but I'm not sure where to insert the session_set_cookie_params lifetime.
Login.php (where the cookie is registered (if 'remember me' is checked)):

Code: Select all

<?php
$cookie_ex = time()+60*60*24*30;
setcookie("user_name", $fetch['uUSER'], $cookie_ex);
setcookie("user_uID", $fetch['uID'], $cookie_ex);
setcookie("user_uHASH", $hash2, $cookie_ex);
?>
This is at the top of every 'logged in'-required pages:

Code: Select all

<?php
session_start();
if(!$_SESSION['user_id']) {
    if((isset($_COOKIE['user_uID'])) && (is_numeric($_COOKIE['user_uID']))) {
        require('function.db.php');
        dbConnect();
        $main_qry = mysql_query("SELECT * FROM db.users WHERE uID='".$_COOKIE['user_uID']."'");
        $main_fetch = mysql_fetch_array($main_qry);
        $user_id = $main_fetch['uID'];
        $user_access = $main_fetch['uACC'];
        $user_nick = $main_fetch['uUSER'];
        if((mysql_num_rows($main_qry) == 0) || ($main_fetch['uHASH'] != $_COOKIE['user_uHASH']) || ($main_fetch['uSTATUS'] == 0)) {
            header("Location: login.php");
            die();
        }
    } else {
        header("Location: login.php");
        die();
    }
} else {
    require('function.db.php');
    dbConnect();
    $main_qry = mysql_query("SELECT * FROM db.users WHERE uID='".$_SESSION['user_uID']."'");
    $main_fetch = mysql_fetch_array($main_qry);
    $user_id = $_SESSION['user_id'];
    $user_access = $_SESSION['user_acc'];
    $user_nick = $_SESSION['user_name'];
}?>
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Session timeout

Post by jackpf »

You should probably put it above anywhere you have session_start() I would have thought.
JKM
Forum Contributor
Posts: 221
Joined: Tue Jun 17, 2008 8:12 pm

Re: Session timeout

Post by JKM »

Even at the login page?

Thanks for the help!
JKM
Forum Contributor
Posts: 221
Joined: Tue Jun 17, 2008 8:12 pm

Re: Session timeout

Post by JKM »

...?
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Session timeout

Post by jackpf »

Yeah...obvious spam :/

I reported it....


But yeah, or you could just set the values in php.ini.

If you can't do so, preferably you'd have a config file that's included on every page, and you can just set your various session settings in that...but if you don't, then yeah, I think you'll have to put the code on every script that uses sessions.
JKM
Forum Contributor
Posts: 221
Joined: Tue Jun 17, 2008 8:12 pm

Re: Session timeout

Post by JKM »

jackpf wrote:If you can't do so, preferably you'd have a config file that's included on every page, and you can just set your various session settings in that...but if you don't, then yeah, I think you'll have to put the code on every script that uses sessions.
Sorry, but I'm pretty new with sessions, but what do you mean by 'session settings'? Is there any other settings than session_set_cookie_params($time) I should use?
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Session timeout

Post by jackpf »

No, sorry, by "session settings" I meant whatever you're setting with session_set_cookie_params(). :)
JKM
Forum Contributor
Posts: 221
Joined: Tue Jun 17, 2008 8:12 pm

Re: Session timeout

Post by JKM »

Ah, thanks. btw - this is for sessions and not for cookies, right?
User avatar
Mirge
Forum Contributor
Posts: 298
Joined: Thu Sep 03, 2009 11:39 pm

Re: Session timeout

Post by Mirge »

JKM wrote:Ah, thanks. btw - this is for sessions and not for cookies, right?
Session ID can be stored via cookies... might wanna check out http://us.php.net/manual/en/book.session.php
Post Reply