|
PHP - Php Session Expiry Time
Hello guys, I am new to PHP. I need some help. I am trying to build a web app, in which I have login functionality. I want to keep the logged in user session active for around 3-4 months. But in my case as soon as I close the browser, session data is lost and I need to login again. Can anyone help me with this. Similar TutorialsI've simply set some sessions.... $_SESSION['LoggedIn'] = 1; $_SESSION['UserID'] = $row["UserID"]; They don't seem to last very long, usually when I close my browser and go back on later, they'll expire. I want them to last permanently unless the user logs out. How do I do this? Thanks in advance. I'm trying to get an expiry date to work on my project.... but at the moment... it doesnt seem to be working. Heres the code for the main news submission form: Code: [Select] <form action='newsubmit.php' method='POST'> Title: <input type='text' name='title' /><br /> Story: <input type='text' name='story' /><br /> Upload Image: <a href="#" onclick="window.open('fileuploadprocess.php','mywindow','width=450,height=300,toolbar=no,location=no,directories=no,s tatus=no,menubar=no,scrollbars=yes,copyhistory=yes,resizable=yes')"> Click here</a> <?php require_once('../../../2740/recaptcha/recaptchalib.php'); $publickey = "6Ldbd8ASAAAAAL96lIWHSDRmoaVJhgQJuKQwXNbd"; echo recaptcha_get_html($publickey); ?> <input type='submit' name='submit' value='Submit' /> <input name='reset' type='reset' value='Reset' /> </form> Heres the code for the submission page: Code: [Select] <?php include_once("functions.php"); session_start(); $submit = clean_string($_POST['submit']); $title = clean_string($_POST['title']); $story = clean_string($_POST['story']); $datetoday = date('Y-m-d', $expires); $daystoexpire = '7'; $expires = time() + (86400 * $daystoexpire); $userid = $_SESSION['userID']; $newsimage = $_SESSION['imagelocation']; $message = ''; require_once('../../../2740/recaptcha/recaptchalib.php'); $privatekey = "6Ldbd8ASAAAAAFz8VT29H5w4WLNjsbI-mFY2QkaC"; $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); $message = ""; if ($submit == 'Submit') { if (!$resp->is_valid) { // What happens when the CAPTCHA was entered incorrectly $errMessage = $resp->error; $message = "<strong>The reCAPTCHA wasn't entered correctly. Please try again.</strong><br />" . "(reCAPTCHA said: $errMessage)<br />"; } else { // Process valid submission data here if ($title && $story) { //process details here if (strlen($title) > 80) { $message = "The title you have provided is too long. Please <a href='news_entry.php'>try again</a>"; } else { if (strlen($story) > 300) { $message = "The news story you have provided is too long. Please <a href='news_entry.php'>try again</a>"; } else { require_once("db_connect.php"); if ($db_server) { mysql_select_db("a200458721"); //Insert news story into news table $query = "INSERT INTO news (usersID, title, story, image, datetoday, expires) VALUES ('$userid', '$title', '$story', '$image', '$datetoday', '$expires')"; mysql_query($query) or die("User insert failed. " . mysql_error() . "<br />" . $query); $message = "News Story Successfully Submitted! Return to <a href='index.php'>homepage</a>"; } } } } else { $message = "Failed to connect to database"; } if ($expires < time()) { // Expired! } require_once("db_close.php"); } } else { $message = "please fill in all the required fields"; } echo $message; mysql_close($db_server); ?> At the moment, this is the error its throwing up: I'm not sure why its saying about the 1970 date either... User insert failed. Incorrect datetime value: '1303391514' for column 'expires' at row 1 INSERT INTO news (usersID, title, story, image, datetoday, expires) VALUES ('13', 'NEWS TITLE GOES HERE', 'NEWS STORY', '', '1970-01-01', '1303391514') Any ideas on why its throwing me up the error? Hello everyone, I've searched these forums for a while now trying to resolve a problem that I have with my sessions timing out before I would like them to, but I've only gotten confused about it. I've read about changing some settings or adding code in my php.ini file but I have no idea what I'm doing when it comes to that. I'm starting the session simply by having session_start(); at the top of each of my pages. I'm including a copy of my entire php.ini file here so that you can see what I have already. Can someone please help me to figure out what I would need to do to make my sessions last at least 8 hours? Thanks in advance. Here's my php.ini file: Code: [Select] register_globals = off allow_url_fopen = off expose_php = Off max_input_time = 60 variables_order = "EGPCS" extension_dir = ./ upload_tmp_dir = /tmp precision = 12 SMTP = relay-hosting.secureserver.net url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset=" ; Only uncomment zend optimizer lines if your application requires Zend Optimizer support ;[Zend] ;zend_optimizer.optimization_level=15 ;zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-3.3.3 ;zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3 ;zend_extension=/usr/local/Zend/lib/Optimizer-3.3.3/ZendExtensionManager.so ;zend_extension_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3/ZendExtensionManager_TS.so ; -- Be very careful to not to disable a function which might be needed! ; -- Uncomment the following lines to increase the security of your PHP site. ;disable_functions = "highlight_file,ini_alter,ini_restore,openlog,passthru, ; phpinfo, exec, system, dl, fsockopen, set_time_limit, ; popen, proc_open, proc_nice,shell_exec,show_source,symlink" Is it possible to set a certain session to time out after say 2 minutes. I want to lock a person from seeing a page for 2 minutes then destroy the session yet keep the primary session and still keep dpoing what they were doing? Just curious. Thanks, Hi I am developing a e-commerce website. The user logs in and buy a product when he checkout the page will redirect to the payment gateway. After the payment is completed it will return back to my website. This is ok. But when it is returning back the session maintained in my website get lost. This happen only for the first time. If the user again logged in and checkout the process works good and the session is maintaining. Why does the session lost for first time. I used session_start() in all the pages.. I cannot find the solutions. Kindly help.. Regards P.Balakrishnan how can i set a session to expire after a set amount of time, say 1 hour. i'm using the following code to create my session, but i dont know what i need to add to make it expire $_SESSION['pageviewsid'.$id] = $new; $new is the result from a calculation and $id is the page id from the URL using $_GET Hi all, I'm trying to increase the server default php session timeout from 1hour to 3hours. I don't have access to my php.ini but can use .htaccess. Is the following the correct way to do this? in the .htaccess add the line: php_value session.gc_maxlifetime 10800 Or would I be better off including the following after every session start() on everypage: Code: [Select] ini_set("session.gc_maxlifetime","10800"); thanks! We are working on a new student application system. Due to privacy laws, everything will be done behind https. However, this is one of many systems looked after by the system administrators. I would like to safeguard against the situation several years down the road when the certificate expires. There are several administration pages that will be checked frequently by the graduate admin assistant. While this person has no technical background, a warning several months before the certificate expires would allow her to remind the technical staff to renew the certificate. I know I can use curl to connect to my own server, but that seems like a long way to do it (and an extra https connection). Is there any way to get the certificate information for the current https connection from the server or from the php runtime? I have the following session timeout code which should redirect users of a website to a page (session_expired.php) which prints out a message telling the user that his session has expired. I include this code at the top of every page in the website, that requires user authentication. Code: [Select] <?php //address error handling ini_set ('display_errors', 1); error_reporting (E_ALL & ~E_NOTICE); if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) { // last request was more than 30 minates ago session_destroy(); // destroy session data in storage session_unset(); // unset $_SESSION variable for the runtime header("location: session_expired.php"); } $_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp ?> The session_expired.php page which I will include below, has a login link, which takes the user to a login page (access_denied.php) Code: [Select] <?php //address error handling ini_set ('display_errors', 1); error_reporting (E_ALL & ~E_NOTICE); //Set the page title before the header file $title = 'Session Expired'; require ('header.php'); //need the header ?> <div id="content" class=""> <div id="left_content" class=""> </div> <!--closes left content--> <div id="right_content" class=""> <div id= "right_content_inner_border"> <h5 style ="position:relative;left:660px;top:1px;"> <a style="text-decoration:none" href="access_denied.php">[Login]</a> </h5> <h3 style ="position:relative;left:110px;top:100px; font-color:blue;"> You Session Expired Due to Inactivity! </h3> </div> <!--closes right content inner border--> </div> <!--closes right content--> </div> <!--closes content--> <?php require ('footer.php'); //need the footer ?> Now here lies the problem. When i set the session timeout to say 60 seconds to test the code, everything seems to work perfectly. The authenticated page gets redirected to session_expired.php after 1 minute and when the user clicks on the login link, he is taken back to the login page(access_denied.php). However, when I replace the time with 1800 seconds, the page notice that when I leave the page idle for JUST about 5 minutes, it gets redirected NOT even to the expected session_expired.php page but strangely, directly to the login page(access_denied.php). What could be going wrong here? Any hint is appreciated. As my title said the question, i want to destroy my session after a particular time if user is being ideal.. currently i am using this code to define my session: Code: [Select] session_start(); // Check, if username session is NOT set then this page will jump to login page if (!isset($_SESSION['myusername'])) { header('Location: admin.php'); } in this page http://maximaart.com/newscp/ i have this problem Code: [Select] Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/maximasy/public_html/newscp/index.php:1) in /home/maximasy/public_html/newscp/index.php on line 2 my source code is <?php session_start(); include_once("config.php"); include_once("functions.php"); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { if ($_POST['txtUserId'] === "$user" && $_POST['txtPassword'] === "$pass") { // the user id and password match, $_SESSION['basic_is_logged_in'] = true; require("main.php"); exit;?> I am trying to create an index page which contains registration and login field the problem that i get is on successful login a warning is displayed session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235 This is the login part of my index.php this tag is inside an html table below the login form I also have a registration form and its php code above the login form Code: [Select] <?php if (isset($_REQUEST['pass'])) { $id=$_POST['id']; $pass=$_POST['pass']; $conn =mysql_connect("localhost","root",""); if (!$conn) { die('Could not connect: ' . mysql_error()); } /* checking connection....success! */ $e=mysql_select_db('test', $conn); if(!$e) { die(''.mysql_error()); } else { echo 'database selected successfully'; } if (isset($_REQUEST['id']) || (isset($_REQUEST['pass']))) { if($_REQUEST['id'] == "" || $_REQUEST['pass']=="") { echo "login fields cannot be empty"; } else { $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'"); $count=mysql_num_rows($sql); if($count==1) /* $count checks if username and password are in same row */ { session_start(); $_SESSION['id']=$id; echo "</br>Login Successful</br>"; } else { echo "</br>invalid</br>"; echo "please try to login again</br>"; } } } } ?> Any help or suggestion would be appreciated I am having trouble resolving an error. Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/s519970/public_html/header.php:27) in /home/s519970/public_html/admin/login.php on line 2 What I can gather is I can't use "header (Location: 'admin.php')" after i've used session_start(). I have tried to replace the header (Location: 'admin.php') with this: echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; I've been trying to read up on solutions but haven't been able to get it sorted. If anyone can offer some advice that would be greatly appreciated as im new to php. Code: [Select] <?php session_start(); if(isset($_SESSION['user'])) echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; ?> <div id="loginform"> <form action="dologin.php" method="post"> <table> <tr> <td><span>Username:</span></td> <td><input type="text" name="username" /></td> </tr> <tr> <td><span>Password:</span></td> <td><input type="password" name="password" /></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="login" value="Login" /></td> </tr> </table> </form> </div> I have tried using require_once('yourpage.php'); before my <head></head> tags in the header document where I've specified the html information but this doesn't seem to work. I've been advised to use ob_start("ob_gzhandler"); but I am not sure how to implement this. Any advice is greatly appreciated! hi everyone. i'm wondering what the best way is to create a session variable and pass it to an iframe. i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this? Code: [Select] session_start(); $_SESSION['ID']=$_GET['ID']; // id from previous page $ID=session_id(); <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe> I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content. To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in? My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive. PHP date and time function is not showing correct time on my local system I have the following php code date_default_timezone_set("Africa/Lagos"); $date = date('d-m-y h:i:s'); echo "Server Time ".$date ."<br>"; echo "The time is " . date("h:i:sa")."<br>"; $current_datetime = date("Y-m-d") . ' ' . date("H:i:s", STRTOTIME(date('h:i:sa'))); echo "Current time1: ".$current_datetime . "<br>";
Output
Server Time 21-05-21 09:55:39
Expected Output
Server Time 21-05-21 10:55:39
Any help would be appreciated. Edited May 21 by Ponel Basically I have recently been playing around with parsing a csv file. What I am looking to do at this point is simply take the date/timestamp (part of the csv file), which is in the following format:DD/MM HH:MM:SS.100th/s For the sake of argument, lets say I have this in an array string called $csv[0] and the file has several lines that span the course of a couple hours. I wouldn't mind having to use explode() to breakup/remove the date or 100th/s IF that would make things a lot simpler. So where would I start in trying to achieve this?. The result I am looking for will simply return "X Seconds". Storing this in a string variable would be a bonus, as I plan to use this to divide a separate piece of information. Any examples or ideas would be great. Thank you. ps: Here is an example time from the csv file itself: Code: [Select] 11/19 22:23:18.143 I am trying to simulate an ad expiration and carry out an action if the ad is expired. And I cannot get the if/else to work properly... I've tried many variations and I cannot see what I am doing wrong here. Any tips please 3 hours and counting of no solution! $ad_start = time()-14 . "<br />"; // 14 days from today in the past (negative) echo $ad_start; $current_time = time() . "<br />"; // current epoch time echo $current_time; $days_past = $ad_start - $current_time; // days past echo "<br />$days_past days have past since the ad started!<br />"; if($days_past <= 14) { echo "<br />Ad is less than 14 days. Not expired."; } else { echo "<br />Ad is over 14 days. Expired."; } Just curious how other people feel about this. I am working on an application where a lot of info is pulled from MySQL and needed on multiple pages.
Would it make more sense to...
1. Pull all data ONCE and store it in SESSION variables to use on other pages
2. Pull the data from the database on each new page that needs it
I assume the preferred method is #1, but maybe there is some downside to using SESSION variables "too much"?
Side question that's kind of related: As far as URLs, is it preferable to have data stored in them (i.e. domain.com/somepage.php?somedata=something&otherdata=thisdata) or use SESSION variables to store that data so the URLs can stay general/clean (i.e. domain.com/somepage.php)?
Both are probably loaded questions but any possible insight would be appreciated.
Thanks!
Greg
Edited by galvin, 04 November 2014 - 10:30 AM. Evening! I've been iffing and ahhing over this and well im not too sure, hence the post. Code: [Select] // Redirects if there is no session id selected and echos the error on the previous page if(!isset($_GET['get']) || ($_GET['getget'])){ header("Location: #.php?error"); } So it should simply check if get is set if it isnt then see if getget is set? If not redirect and show the error. Now ive tried it and even when get/getget is set it still redirects, probably something silly. Care to share anyone? Harry. |
|||||||