Session not destroying?

I pretty much just self tought my self PHP today (going from ASP).  I have a simeple log in page, an authentication page, then the protected pages.  When the user closes the web browser, the session should expire in 24 minutes if i am correct (in php.ini, session.gc_maxlife).  I change it from 1440 seconds, to 900 seconds (15 minutes). Sessions still wont expire if the user doesnt properly log out.  After more searching, i also found this in php.ini: "session.cache_expire =180".  Which one controls when a session times out and is removed?

When i log out using my logout page, it works just fine.

<?php
session_start();
if (isset($_COOKIE[session_name()])) {
   setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();
header("Location: default.php");
?>

LVL 7
kmorris1186Asked:
Who is Participating?
 
hernst42Connect With a Mentor Commented:
the problem is that php is doing garbage session collection only from time to time, to get excatly what you want set

session.gc_probability = 100
session.gc_divisor     = 100

in your php.ini

Then each request expired session are destroyed. Look at the posted question. That should also be described there.
0
 
hernst42Commented:
Have a look at
http://www.experts-exchange.com/Web/Web_Languages/PHP/Q_21117716.html
for e detailed explainaition of that settings and how sessions expire in php
0
 
kmorris1186Author Commented:
Ok, i made some chages to the PHP Settings...

gc_maxlife = 900 (20 mins)
cache_expire  = 15 (15 minutes)

I restared IIS just in case...

Now i just need to wait and see if it kicks me out.
0
Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

 
kmorris1186Author Commented:
I think i might have clicked Refresh to early.  If the session was destroyed, this code should redirect me back to the login page:

session_start();
if (isset($_SESSION['Auth'])) {
      if ($_SESSION['Auth']!='Yes') {      
            header("Location: default.php");
      }
} else {
      header("Location: default.php");
}
<HTML CODE HERE>

but i am about to leave the office.  I will check 1st thing in the morning.  That should definety tell me if the session was destroyed or not.
0
 
kmorris1186Author Commented:
After waiting till the next day, it still seems to have kept me logged in.

What am i doing wrong?
0
 
kmorris1186Author Commented:
Sorry for the delay on this.  I was having some internet problems at work.  I see what your talking about.  So this way everything is destroyed instead of 1 out of 1000 or so.

I will give that a try.
0
 
kmorris1186Author Commented:
Is there somthing i need to restart to get this to reload the ini?  Rebooting the PC is the last resort...
0
 
hernst42Commented:
You have to restart the webserver so the changes take effect for php
0
 
kmorris1186Author Commented:
Ok, i restated IIS. going to try it now.
0
All Courses

From novice to tech pro — start learning today.