Page 1 of 1
Session not expiring
Posted: Sun Apr 17, 2005 7:27 pm
by C_Calav
Hi guys,
ive been noticing that my session variable is not expiring.
Code: Select all
setcookie("cartId", session_id(), time() + (3600));
i wanted it to expire after 1 hour.
is this correct?
thanx
Posted: Sun Apr 17, 2005 8:06 pm
by feyd
since you're duplicating values, why not just see when the last communication from that session was? If over an hour, toss it. You can perform a quick check when loading a page against other sessions too (if you are using a database session system)
Posted: Sun Apr 17, 2005 8:57 pm
by C_Calav
thanx feyd, that is a good idea.
how do i check if the session is longer than a hour?
or should i say, how do you check the vaiable against time?
thanx
oh, was the code i had ment to expire at a hour? or is something else wrong with it
Posted: Sun Apr 17, 2005 9:25 pm
by feyd
to determine when your browser will expire the cookie, you'll need to see what headers are sent.
As for checking if it's been an hour since last communication: you can use a table to store the session_id and last time they were seen, or you can store that timestamp in their session variables, etc..
I prefer to use database sessions myself. (If you want some examples of one way to set them up, look in the useful posts thread.)
Posted: Sun Apr 17, 2005 10:13 pm
by C_Calav
hi feyd,
i am saving my session ID's in a database.
is this the bit that deletes old sessions from your usefuls posts code?
Code: Select all
$session_sql = "DELETE FROM " . $this->ses_table . " WHERE ses_time < UNIX_TIMESTAMP(NOW() - $life)";
or something like that?
Posted: Sun Apr 17, 2005 10:19 pm
by feyd
similar, yes.
Posted: Sun Apr 17, 2005 10:26 pm
by C_Calav
thanx,
i will try it out later on when i am home.
going back to this:
Code: Select all
setcookie("cartId", session_id(), time() + (3600));
what does this do? sets a session for a hour? or can only be used for a hour?
Posted: Sun Apr 17, 2005 10:35 pm
by feyd
sets a cookie to expire one hour from the current time on the server.
Posted: Sun Apr 17, 2005 10:41 pm
by C_Calav
what happens after that hour?
becuase, in my shopping cart, after a hour the user still has the same items in cart etc. i thought after a hour they would get a new session id (no items in cart)
Posted: Sun Apr 17, 2005 11:34 pm
by feyd
it's up to the browser to actually delete the cookie. If you keep updating it, it'll stay alive. If you check the actual headers that are sent to your browser, you'll see a specific date and time string of when the cookie should expire. If your server doesn't send certain other headers, such as the current time on the server, the browser will likely use the current time of the machine to determine how long the cookie actually lives.. which, if the server is already several hours ahead of you, means it will takes hours to delete.
Posted: Mon Apr 18, 2005 12:06 am
by C_Calav
cool,
how do i print the headers to the page?
thanx for your help today
Posted: Mon Apr 18, 2005 12:22 am
by feyd
you either need to write a script that will fetch them, or use Firefox's Web Developer extension..
If you want to write a script to do it, look for my reply to a thread by Heavy in Web Servers (I think)