|
PHP - Session Time Length
Hello everyone,
I've searched these forums for a while now trying to resolve a problem that I have with my sessions timing out before I would like them to, but I've only gotten confused about it. I've read about changing some settings or adding code in my php.ini file but I have no idea what I'm doing when it comes to that. I'm starting the session simply by having session_start(); at the top of each of my pages. I'm including a copy of my entire php.ini file here so that you can see what I have already. Can someone please help me to figure out what I would need to do to make my sessions last at least 8 hours? Thanks in advance. Here's my php.ini file: Code: [Select] register_globals = off allow_url_fopen = off expose_php = Off max_input_time = 60 variables_order = "EGPCS" extension_dir = ./ upload_tmp_dir = /tmp precision = 12 SMTP = relay-hosting.secureserver.net url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset=" ; Only uncomment zend optimizer lines if your application requires Zend Optimizer support ;[Zend] ;zend_optimizer.optimization_level=15 ;zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-3.3.3 ;zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3 ;zend_extension=/usr/local/Zend/lib/Optimizer-3.3.3/ZendExtensionManager.so ;zend_extension_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3/ZendExtensionManager_TS.so ; -- Be very careful to not to disable a function which might be needed! ; -- Uncomment the following lines to increase the security of your PHP site. ;disable_functions = "highlight_file,ini_alter,ini_restore,openlog,passthru, ; phpinfo, exec, system, dl, fsockopen, set_time_limit, ; popen, proc_open, proc_nice,shell_exec,show_source,symlink" Similar TutorialsFor PHP 7.4, what is the recommended session length that I should be using to have the best security? In DEV< in my php.ini file, session.sid_length = 26 According to the comments above that, it sounds like you can go up to 256. Is it fair to assume that larger is more secure? Also, if I set it to a larger size like 256, is tehre any risk of breaking things on my (VPS) web server running WHM/cPanel? When a user logs on, I authenticate them with a session. How do I use php to determine the time until the session will expire? I realize I could go into the ini file but is there a php code that can query this info and echo it back? Hi all, Yesterday I moved a web application from a normal cookie session to a use_trans_sid session because some users' browser didn't accept cookies. This works great, but the session used to last for 45 minutes (set with session.gc_maxlifetime), but after the change the session times out faster. (How) can I set the session length if I use use_trans_sid? Thanks, Base PS: PHP version 5.2.13-1 Hi all, I'm trying to increase the server default php session timeout from 1hour to 3hours. I don't have access to my php.ini but can use .htaccess. Is the following the correct way to do this? in the .htaccess add the line: php_value session.gc_maxlifetime 10800 Or would I be better off including the following after every session start() on everypage: Code: [Select] ini_set("session.gc_maxlifetime","10800"); thanks! Is it possible to set a certain session to time out after say 2 minutes. I want to lock a person from seeing a page for 2 minutes then destroy the session yet keep the primary session and still keep dpoing what they were doing? Just curious. Thanks, how can i set a session to expire after a set amount of time, say 1 hour. i'm using the following code to create my session, but i dont know what i need to add to make it expire $_SESSION['pageviewsid'.$id] = $new; $new is the result from a calculation and $id is the page id from the URL using $_GET Hi I am developing a e-commerce website. The user logs in and buy a product when he checkout the page will redirect to the payment gateway. After the payment is completed it will return back to my website. This is ok. But when it is returning back the session maintained in my website get lost. This happen only for the first time. If the user again logged in and checkout the process works good and the session is maintaining. Why does the session lost for first time. I used session_start() in all the pages.. I cannot find the solutions. Kindly help.. Regards P.Balakrishnan Hello guys, I am new to PHP. I need some help. I am trying to build a web app, in which I have login functionality. I want to keep the logged in user session active for around 3-4 months. But in my case as soon as I close the browser, session data is lost and I need to login again. Can anyone help me with this. I have the following session timeout code which should redirect users of a website to a page (session_expired.php) which prints out a message telling the user that his session has expired. I include this code at the top of every page in the website, that requires user authentication. Code: [Select] <?php //address error handling ini_set ('display_errors', 1); error_reporting (E_ALL & ~E_NOTICE); if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) { // last request was more than 30 minates ago session_destroy(); // destroy session data in storage session_unset(); // unset $_SESSION variable for the runtime header("location: session_expired.php"); } $_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp ?> The session_expired.php page which I will include below, has a login link, which takes the user to a login page (access_denied.php) Code: [Select] <?php //address error handling ini_set ('display_errors', 1); error_reporting (E_ALL & ~E_NOTICE); //Set the page title before the header file $title = 'Session Expired'; require ('header.php'); //need the header ?> <div id="content" class=""> <div id="left_content" class=""> </div> <!--closes left content--> <div id="right_content" class=""> <div id= "right_content_inner_border"> <h5 style ="position:relative;left:660px;top:1px;"> <a style="text-decoration:none" href="access_denied.php">[Login]</a> </h5> <h3 style ="position:relative;left:110px;top:100px; font-color:blue;"> You Session Expired Due to Inactivity! </h3> </div> <!--closes right content inner border--> </div> <!--closes right content--> </div> <!--closes content--> <?php require ('footer.php'); //need the footer ?> Now here lies the problem. When i set the session timeout to say 60 seconds to test the code, everything seems to work perfectly. The authenticated page gets redirected to session_expired.php after 1 minute and when the user clicks on the login link, he is taken back to the login page(access_denied.php). However, when I replace the time with 1800 seconds, the page notice that when I leave the page idle for JUST about 5 minutes, it gets redirected NOT even to the expected session_expired.php page but strangely, directly to the login page(access_denied.php). What could be going wrong here? Any hint is appreciated. As my title said the question, i want to destroy my session after a particular time if user is being ideal.. currently i am using this code to define my session: Code: [Select] session_start(); // Check, if username session is NOT set then this page will jump to login page if (!isset($_SESSION['myusername'])) { header('Location: admin.php'); } I know the default length of a tiny int is less than an int, but if I put in the same length for both, are they essentially the same type? I am trying to create an index page which contains registration and login field the problem that i get is on successful login a warning is displayed session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235 This is the login part of my index.php this tag is inside an html table below the login form I also have a registration form and its php code above the login form Code: [Select] <?php if (isset($_REQUEST['pass'])) { $id=$_POST['id']; $pass=$_POST['pass']; $conn =mysql_connect("localhost","root",""); if (!$conn) { die('Could not connect: ' . mysql_error()); } /* checking connection....success! */ $e=mysql_select_db('test', $conn); if(!$e) { die(''.mysql_error()); } else { echo 'database selected successfully'; } if (isset($_REQUEST['id']) || (isset($_REQUEST['pass']))) { if($_REQUEST['id'] == "" || $_REQUEST['pass']=="") { echo "login fields cannot be empty"; } else { $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'"); $count=mysql_num_rows($sql); if($count==1) /* $count checks if username and password are in same row */ { session_start(); $_SESSION['id']=$id; echo "</br>Login Successful</br>"; } else { echo "</br>invalid</br>"; echo "please try to login again</br>"; } } } } ?> Any help or suggestion would be appreciated in this page http://maximaart.com/newscp/ i have this problem Code: [Select] Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/maximasy/public_html/newscp/index.php:1) in /home/maximasy/public_html/newscp/index.php on line 2 my source code is <?php session_start(); include_once("config.php"); include_once("functions.php"); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { if ($_POST['txtUserId'] === "$user" && $_POST['txtPassword'] === "$pass") { // the user id and password match, $_SESSION['basic_is_logged_in'] = true; require("main.php"); exit;?> I am having trouble resolving an error. Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/s519970/public_html/header.php:27) in /home/s519970/public_html/admin/login.php on line 2 What I can gather is I can't use "header (Location: 'admin.php')" after i've used session_start(). I have tried to replace the header (Location: 'admin.php') with this: echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; I've been trying to read up on solutions but haven't been able to get it sorted. If anyone can offer some advice that would be greatly appreciated as im new to php. Code: [Select] <?php session_start(); if(isset($_SESSION['user'])) echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; ?> <div id="loginform"> <form action="dologin.php" method="post"> <table> <tr> <td><span>Username:</span></td> <td><input type="text" name="username" /></td> </tr> <tr> <td><span>Password:</span></td> <td><input type="password" name="password" /></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="login" value="Login" /></td> </tr> </table> </form> </div> I have tried using require_once('yourpage.php'); before my <head></head> tags in the header document where I've specified the html information but this doesn't seem to work. I've been advised to use ob_start("ob_gzhandler"); but I am not sure how to implement this. Any advice is greatly appreciated! I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content. To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in? My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive. hi everyone. i'm wondering what the best way is to create a session variable and pass it to an iframe. i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this? Code: [Select] session_start(); $_SESSION['ID']=$_GET['ID']; // id from previous page $ID=session_id(); <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe> PHP date and time function is not showing correct time on my local system I have the following php code date_default_timezone_set("Africa/Lagos"); $date = date('d-m-y h:i:s'); echo "Server Time ".$date ."<br>"; echo "The time is " . date("h:i:sa")."<br>"; $current_datetime = date("Y-m-d") . ' ' . date("H:i:s", STRTOTIME(date('h:i:sa'))); echo "Current time1: ".$current_datetime . "<br>";
Output
Server Time 21-05-21 09:55:39
Expected Output
Server Time 21-05-21 10:55:39
Any help would be appreciated. Edited May 21 by Ponel I am trying to simulate an ad expiration and carry out an action if the ad is expired. And I cannot get the if/else to work properly... I've tried many variations and I cannot see what I am doing wrong here. Any tips please 3 hours and counting of no solution! $ad_start = time()-14 . "<br />"; // 14 days from today in the past (negative) echo $ad_start; $current_time = time() . "<br />"; // current epoch time echo $current_time; $days_past = $ad_start - $current_time; // days past echo "<br />$days_past days have past since the ad started!<br />"; if($days_past <= 14) { echo "<br />Ad is less than 14 days. Not expired."; } else { echo "<br />Ad is over 14 days. Expired."; } Basically I have recently been playing around with parsing a csv file. What I am looking to do at this point is simply take the date/timestamp (part of the csv file), which is in the following format:DD/MM HH:MM:SS.100th/s For the sake of argument, lets say I have this in an array string called $csv[0] and the file has several lines that span the course of a couple hours. I wouldn't mind having to use explode() to breakup/remove the date or 100th/s IF that would make things a lot simpler. So where would I start in trying to achieve this?. The result I am looking for will simply return "X Seconds". Storing this in a string variable would be a bonus, as I plan to use this to divide a separate piece of information. Any examples or ideas would be great. Thank you. ps: Here is an example time from the csv file itself: Code: [Select] 11/19 22:23:18.143 Hi all,
The output of the following line of code where user is Jack1234
$user = filter_input(INPUT_POST, 'user', FILTER_SANITIZE_STRING);using var_dump is string 'Jack1234' (length=8)I would like to know if there is someway we can use/retrieve the length value of the string that is displayed in the output or verify the string length against it. Thanks. |
|||||||