Page 1 of 1

Session timeout

Posted: Sat Oct 03, 2009 11:51 am
by JKM
How can I make a session last forever (or until someone are closing their browser)?

Re: Session timeout

Posted: Sat Oct 03, 2009 12:03 pm
by jackpf

Re: Session timeout

Posted: Thu Oct 08, 2009 3:54 pm
by JKM
Thanks, but I'm not sure where to insert the session_set_cookie_params lifetime.
Login.php (where the cookie is registered (if 'remember me' is checked)):

Code: Select all

<?php
$cookie_ex = time()+60*60*24*30;
setcookie("user_name", $fetch['uUSER'], $cookie_ex);
setcookie("user_uID", $fetch['uID'], $cookie_ex);
setcookie("user_uHASH", $hash2, $cookie_ex);
?>
This is at the top of every 'logged in'-required pages:

Code: Select all

<?php
session_start();
if(!$_SESSION['user_id']) {
    if((isset($_COOKIE['user_uID'])) && (is_numeric($_COOKIE['user_uID']))) {
        require('function.db.php');
        dbConnect();
        $main_qry = mysql_query("SELECT * FROM db.users WHERE uID='".$_COOKIE['user_uID']."'");
        $main_fetch = mysql_fetch_array($main_qry);
        $user_id = $main_fetch['uID'];
        $user_access = $main_fetch['uACC'];
        $user_nick = $main_fetch['uUSER'];
        if((mysql_num_rows($main_qry) == 0) || ($main_fetch['uHASH'] != $_COOKIE['user_uHASH']) || ($main_fetch['uSTATUS'] == 0)) {
            header("Location: login.php");
            die();
        }
    } else {
        header("Location: login.php");
        die();
    }
} else {
    require('function.db.php');
    dbConnect();
    $main_qry = mysql_query("SELECT * FROM db.users WHERE uID='".$_SESSION['user_uID']."'");
    $main_fetch = mysql_fetch_array($main_qry);
    $user_id = $_SESSION['user_id'];
    $user_access = $_SESSION['user_acc'];
    $user_nick = $_SESSION['user_name'];
}?>

Re: Session timeout

Posted: Thu Oct 08, 2009 6:10 pm
by jackpf
You should probably put it above anywhere you have session_start() I would have thought.

Re: Session timeout

Posted: Thu Oct 08, 2009 7:01 pm
by JKM
Even at the login page?

Thanks for the help!

Re: Session timeout

Posted: Fri Oct 09, 2009 9:24 am
by JKM
...?

Re: Session timeout

Posted: Fri Oct 09, 2009 9:35 am
by jackpf
Yeah...obvious spam :/

I reported it....


But yeah, or you could just set the values in php.ini.

If you can't do so, preferably you'd have a config file that's included on every page, and you can just set your various session settings in that...but if you don't, then yeah, I think you'll have to put the code on every script that uses sessions.

Re: Session timeout

Posted: Fri Oct 09, 2009 10:05 am
by JKM
jackpf wrote:If you can't do so, preferably you'd have a config file that's included on every page, and you can just set your various session settings in that...but if you don't, then yeah, I think you'll have to put the code on every script that uses sessions.
Sorry, but I'm pretty new with sessions, but what do you mean by 'session settings'? Is there any other settings than session_set_cookie_params($time) I should use?

Re: Session timeout

Posted: Fri Oct 09, 2009 12:24 pm
by jackpf
No, sorry, by "session settings" I meant whatever you're setting with session_set_cookie_params(). :)

Re: Session timeout

Posted: Fri Oct 09, 2009 5:03 pm
by JKM
Ah, thanks. btw - this is for sessions and not for cookies, right?

Re: Session timeout

Posted: Fri Oct 09, 2009 6:46 pm
by Mirge
JKM wrote:Ah, thanks. btw - this is for sessions and not for cookies, right?
Session ID can be stored via cookies... might wanna check out http://us.php.net/manual/en/book.session.php