Session timeout
Moderator: General Moderators
Session timeout
How can I make a session last forever (or until someone are closing their browser)?
Re: Session timeout
Thanks, but I'm not sure where to insert the session_set_cookie_params lifetime.
Login.php (where the cookie is registered (if 'remember me' is checked)):
This is at the top of every 'logged in'-required pages:
Login.php (where the cookie is registered (if 'remember me' is checked)):
Code: Select all
<?php
$cookie_ex = time()+60*60*24*30;
setcookie("user_name", $fetch['uUSER'], $cookie_ex);
setcookie("user_uID", $fetch['uID'], $cookie_ex);
setcookie("user_uHASH", $hash2, $cookie_ex);
?>Code: Select all
<?php
session_start();
if(!$_SESSION['user_id']) {
if((isset($_COOKIE['user_uID'])) && (is_numeric($_COOKIE['user_uID']))) {
require('function.db.php');
dbConnect();
$main_qry = mysql_query("SELECT * FROM db.users WHERE uID='".$_COOKIE['user_uID']."'");
$main_fetch = mysql_fetch_array($main_qry);
$user_id = $main_fetch['uID'];
$user_access = $main_fetch['uACC'];
$user_nick = $main_fetch['uUSER'];
if((mysql_num_rows($main_qry) == 0) || ($main_fetch['uHASH'] != $_COOKIE['user_uHASH']) || ($main_fetch['uSTATUS'] == 0)) {
header("Location: login.php");
die();
}
} else {
header("Location: login.php");
die();
}
} else {
require('function.db.php');
dbConnect();
$main_qry = mysql_query("SELECT * FROM db.users WHERE uID='".$_SESSION['user_uID']."'");
$main_fetch = mysql_fetch_array($main_qry);
$user_id = $_SESSION['user_id'];
$user_access = $_SESSION['user_acc'];
$user_nick = $_SESSION['user_name'];
}?>Re: Session timeout
You should probably put it above anywhere you have session_start() I would have thought.
Re: Session timeout
Even at the login page?
Thanks for the help!
Thanks for the help!
Re: Session timeout
Yeah...obvious spam :/
I reported it....
But yeah, or you could just set the values in php.ini.
If you can't do so, preferably you'd have a config file that's included on every page, and you can just set your various session settings in that...but if you don't, then yeah, I think you'll have to put the code on every script that uses sessions.
I reported it....
But yeah, or you could just set the values in php.ini.
If you can't do so, preferably you'd have a config file that's included on every page, and you can just set your various session settings in that...but if you don't, then yeah, I think you'll have to put the code on every script that uses sessions.
Re: Session timeout
Sorry, but I'm pretty new with sessions, but what do you mean by 'session settings'? Is there any other settings than session_set_cookie_params($time) I should use?jackpf wrote:If you can't do so, preferably you'd have a config file that's included on every page, and you can just set your various session settings in that...but if you don't, then yeah, I think you'll have to put the code on every script that uses sessions.
Re: Session timeout
No, sorry, by "session settings" I meant whatever you're setting with session_set_cookie_params(). 
Re: Session timeout
Ah, thanks. btw - this is for sessions and not for cookies, right?
Re: Session timeout
Session ID can be stored via cookies... might wanna check out http://us.php.net/manual/en/book.session.phpJKM wrote:Ah, thanks. btw - this is for sessions and not for cookies, right?