Page 1 of 1

How to Have Session Expire 900s After Last Click

Posted: Tue Nov 02, 2004 4:54 pm
by DMcK
Hello,
I've got a session issue that I can't find any solution for. My sessions are working correctly, but they always expire after 900 seconds. I would like my users' sessions to expire after 900 seconds of inactivity. So, for example, if a user is moving around the "manage my account" area, the session expiry is set 900 seconds from their last click.

I currently have this in my .htaccess file to enable the current 900s expiry:
php_value session.cookie_lifetime "900"

I tried this in my code, but sessions wouldn't work:
ini_set('session.cookie_lifetime',900);
session_start();

Any suggestions?
Thanks,
Doug

Posted: Tue Nov 02, 2004 5:49 pm
by rehfeld
i thought thats how you did it....

Posted: Tue Nov 02, 2004 7:56 pm
by John Cartwright
1. create a table in your database
2. on every page load do the following

a. check to see if their sessionid exists
b. if exists update with new timestamp (right now)
c. if does not exist create a row with their sessionid, and current time

3. run a seperate function to check for expired sessions... maybe a chron??

a. if expired delete them

Posted: Tue Nov 02, 2004 10:52 pm
by DMcK
Thanks, Phenom. That's a good idea. I'll do that.

rehfeld, an undesired result can occur if I keep the method I am using...if a user logs in, waits a while, then starts changing something in their account, the session could expire while they are making their change and they would have to log back in and re-enter their change(s). That isn't a good thing.

Doug

Posted: Wed Nov 03, 2004 8:56 pm
by rehfeld
yes i realize that. in fact just the other day that exact thing happened to me, filling out on application online, took me 45 min, then hit submit to see that beautiful session timed out error message. and thanks to the webmaster that allowed the entire form to clear when i hit the back button too :) lol. i need a new keyboard now :D

but what i meant is i thought the cookie lifetime was updated at every request(a new cookie sent), lord knows why i assumed that, but i did.

Posted: Thu Nov 04, 2004 10:21 am
by DMcK
Ah...I thought it would work that way too. Maybe it is the way my host has set things up. Maybe sessions just work this way. It's on my long To Do list of fixes now.
Doug