[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Session not destroying?

Posted on 2004-10-28
9
Medium Priority
?
644 Views
Last Modified: 2012-08-13
I pretty much just self tought my self PHP today (going from ASP).  I have a simeple log in page, an authentication page, then the protected pages.  When the user closes the web browser, the session should expire in 24 minutes if i am correct (in php.ini, session.gc_maxlife).  I change it from 1440 seconds, to 900 seconds (15 minutes). Sessions still wont expire if the user doesnt properly log out.  After more searching, i also found this in php.ini: "session.cache_expire =180".  Which one controls when a session times out and is removed?

When i log out using my logout page, it works just fine.

<?php
session_start();
if (isset($_COOKIE[session_name()])) {
   setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();
header("Location: default.php");
?>

0
Comment
Question by:kmorris1186
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
9 Comments
 
LVL 48

Expert Comment

by:hernst42
ID: 12438718
Have a look at
http://www.experts-exchange.com/Web/Web_Languages/PHP/Q_21117716.html
for e detailed explainaition of that settings and how sessions expire in php
0
 
LVL 7

Author Comment

by:kmorris1186
ID: 12438836
Ok, i made some chages to the PHP Settings...

gc_maxlife = 900 (20 mins)
cache_expire  = 15 (15 minutes)

I restared IIS just in case...

Now i just need to wait and see if it kicks me out.
0
 
LVL 7

Author Comment

by:kmorris1186
ID: 12439010
I think i might have clicked Refresh to early.  If the session was destroyed, this code should redirect me back to the login page:

session_start();
if (isset($_SESSION['Auth'])) {
      if ($_SESSION['Auth']!='Yes') {      
            header("Location: default.php");
      }
} else {
      header("Location: default.php");
}
<HTML CODE HERE>

but i am about to leave the office.  I will check 1st thing in the morning.  That should definety tell me if the session was destroyed or not.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 7

Author Comment

by:kmorris1186
ID: 12448453
After waiting till the next day, it still seems to have kept me logged in.

What am i doing wrong?
0
 
LVL 48

Accepted Solution

by:
hernst42 earned 500 total points
ID: 12448675
the problem is that php is doing garbage session collection only from time to time, to get excatly what you want set

session.gc_probability = 100
session.gc_divisor     = 100

in your php.ini

Then each request expired session are destroyed. Look at the posted question. That should also be described there.
0
 
LVL 7

Author Comment

by:kmorris1186
ID: 12467653
Sorry for the delay on this.  I was having some internet problems at work.  I see what your talking about.  So this way everything is destroyed instead of 1 out of 1000 or so.

I will give that a try.
0
 
LVL 7

Author Comment

by:kmorris1186
ID: 12473294
Is there somthing i need to restart to get this to reload the ini?  Rebooting the PC is the last resort...
0
 
LVL 48

Expert Comment

by:hernst42
ID: 12473432
You have to restart the webserver so the changes take effect for php
0
 
LVL 7

Author Comment

by:kmorris1186
ID: 12473461
Ok, i restated IIS. going to try it now.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This article discusses how to create an extensible mechanism for linked drop downs.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question