Page 1 of 1

"Session expire" does not work

Posted: Thu Apr 26, 2007 11:08 am
by PhpMachine
I can't get session expire to work.

I want the session to be cleared after 10 minutes, or if the webbrowser
is closed.

How do I accomplish this?

Now I have:

Code: Select all

php.ini:
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 10
And that didn't work.
If I closed the browser and opened a new one, the session was alive.

I've also tested with:

Code: Select all

session_cache_expire(10);
session_start();
but it doesn't work either.
The session is alive after 10 minutes. But if i close the browser using this,
then it is destroyed.

So, how do I get "after 10 minutes OR closing webbrowser"?

Greetings

Posted: Thu Apr 26, 2007 11:25 am
by superdezign
session_cache_expire should work fine if you set it on every page. and you can alter your php.ini? Do you have direct access to the server in order to restart it?

And your sessions live beyond the web browser being closed...? That sounds like you are using actual cookies instead of a session. PHP sessions don't extend beyond the life of the browser.

Posted: Thu Apr 26, 2007 11:40 am
by PhpMachine
Hi

Yes, I have access to the server.
It's on the local machine, Apache 2.2.

I now set this in php.ini:

Code: Select all

session.cache_expire = 1
I restart Apache, open my page, wait 2 minutes, updates the page and the session is
still alive (no new session started).

Code: Select all

session_start();

 if(!isset($_SESSION["test"])) {
  $_SESSION["test"] = 1;
  echo "new session";
 } else {
  echo "same session as before";
 }
Strange...

Posted: Thu Apr 26, 2007 12:04 pm
by volka
You might want to set session.cookie_lifetime to 0 so the client/browser is advised not to store the session cookie after the client is closed.
And then store the expiration time within the session

Code: Select all

// new session
$_SESSION['expires'] = strtotime('+10 minutes');
// else
if ( time() > $_SESSION['expires'] ) {
  onSessionExpired();
}

Posted: Thu Apr 26, 2007 12:13 pm
by PhpMachine
Hi Volka

Yes, I had set "session.cookie_lifetime" to 0, but it didn't work after restart.

Your solution to save the expire-date in the session itself, works great.
But I don't understand why the built-in session-check doesn't work...

:/

Posted: Thu Apr 26, 2007 1:17 pm
by volka
PhpMachine wrote:Yes, I had set "session.cookie_lifetime" to 0, but it didn't work after restart.
?? What restart?

Posted: Thu Apr 26, 2007 1:37 pm
by PhpMachine
Restart of Apache/PHP :)

Posted: Thu Apr 26, 2007 2:07 pm
by volka
Did you check the cookie expiration dates in your browser?