Page 1 of 1

session getting expired

Posted: Wed Mar 11, 2009 8:37 am
by susrisha
Hi,

I have a file uploading form which uploads the data.

Code: Select all

 
//this is at the start of the page to know if the user is logged in or not
//check for session integrity
if(!isset($_SESSION))
{
session_start();
}
//see if the user is authenticated
if($_SESSION['authenticate']!="1")
{
//redirect to session expire page
 
//this is the form i put in the page
<form action ="uploadvideo.php"  method ="post" enctype="multipart/form-data" onsubmit = " return validate_form();">
 Upload form to be embedded here.
 <br />
 <input  type="file" id= "uploadvideo" name="video" />
 <input type ="submit" value ="UPLOAD" onclick="show_upload();" />
 
in the upload processing page i have this code

Code: Select all

 
//check for session integrity
if(!isset($_SESSION))
{
session_start();
echo "Session was not set";
}
//see if the user is authenticated
if($_SESSION['authenticate']!="1")
{
     session_regenerate_id();
     session_destroy();
     include_once("template_start.php");
     echo '<FONT COLOR="#FF0000 "><center>
<b>Unauthorized login.. Please Login again</b>
     </center></FONT>';
     include_once("loginbody.php");
     include_once("template_end.php");
 
    exit();
}
include_once("template_start.php");
include_once("utilities.php");
include_once("vars.php");
$loginID = $_SESSION['LoginID'];
//create a unique file name
$unique_filename = generate_random_string(16,$loginID);
//get the original file base name to be stored in database as videoname
$videoname = basename($_FILES['video']['name']);//to be stored in mysql
//check for the file size and send back if not proper
if($_FILES['video']['size']>$g_file_size_limit)
{
  echo "File size is more than 12MB cannot upload file<br />";
  echo "<a href=\"videolist.php\">BACK</a>";
  include_once("template_end.php");
  exit();
}
echo "size of the file is ".$_FILES['video']['size'];
//have to move the uploaded file to temp folder for conversion
$temp_path =$g_temp_files_folder.$videoname;
//move the uploaded file to the location
if(!move_uploaded_file($_FILES['video']['tmp_name'],$temp_path))
{
  echo "file could not be moved <br />";
  echo "<a href=\"videolist.php\">BACK</a>";
  include_once("template_end.php");
  exit();
}
 
Now the problem is each time i try to upload a file it shows the session has expired. The settings for session in the ini file are as follows

Code: Select all

 
session.auto_start  Off 
session.bug_compat_42     On    
session.bug_compat_warn On  
session.cache_expire    180 
session.cache_limiter   nocache 
session.cookie_domain   no value    
session.cookie_httponly Off 
session.cookie_lifetime 0   
session.cookie_path /   
session.cookie_secure   Off 
session.entropy_file    no value    
session.entropy_length  0   
session.gc_divisor  100 100
session.gc_maxlifetime  1440    
session.gc_probability  1   
session.hash_bits_per_character 4   
session.hash_function   0   
session.name    PHPSESSID   
session.referer_check   no value    
session.save_handler    files   
session.save_path   no value    
session.serialize_handler   php 
session.use_cookies On
session.use_only_cookies    Off 
session.use_trans_sid   0   
 
Thought its a time out problem but cant figure out where.. please help

Re: session getting expired

Posted: Wed Mar 11, 2009 9:10 am
by Paul Arnold
Where are you setting $_SESSION['authenticate'] to 1?

Re: session getting expired

Posted: Wed Mar 11, 2009 9:48 am
by susrisha
I am setting it in a page authenticate.php which will be setting it when the user logs into the solution.

Code: Select all

 
 
//this is what i wrote for the authentication after the user logging is passed.
 
$_SESSION['authenticate']="1";
 
To add more.. I have left the page untouched for about 3 minutes and after that, tried to link to something else, even then the session fails. i think the timeout is set to 3 minutes. How do i change this?

Re: session getting expired

Posted: Thu Mar 12, 2009 5:12 am
by Paul Arnold
Hmm... this shouldn't be affecting it as '0' sets session lifetimes to indefinite but you could try setting;

session.cookie_lifetime 0

to

session.cookie_lifetime 1800

in your php.ini file to force the session lifetime to 30 minutes.

Re: session getting expired

Posted: Thu Mar 12, 2009 5:21 am
by The_Anomaly
Why do you have all of this session weirdness? Regenerate ID and then destroy? Just have session_start() in every page, no conditionals, no nothing. Then every page check if your session variable authenticated is 1, if not, then send yourself to the login page, which sets it to be 1, if valid authentication.

Your session handling is way overcomplicated, when there's no need for it to be. From http://php.net/session_start:
session_start() creates a session or resumes the current one based on the current session id that's being passed via a request, such as GET, POST, or a cookie.
Not sure if it'll fix your problem, but it'll certainly uncomplicate things a bit.

Re: session getting expired

Posted: Thu Mar 12, 2009 6:23 am
by susrisha
well thats all the part of the code when the user is not authenticated. Will uncomplicate it later. but i think i have solved it with a work around.

just for this page, i am trying to send everything in post and set the authenticate to 1 (of course only if i get the variables i need on a post). its a raw work around.

session.cookie_lifetime 1800
i have also tried this one.. no results yet