Solved

Session not destroying?

Posted on 2004-10-28
617 Views
Last Modified: 2012-08-13
I pretty much just self tought my self PHP today (going from ASP).  I have a simeple log in page, an authentication page, then the protected pages.  When the user closes the web browser, the session should expire in 24 minutes if i am correct (in php.ini, session.gc_maxlife).  I change it from 1440 seconds, to 900 seconds (15 minutes). Sessions still wont expire if the user doesnt properly log out.  After more searching, i also found this in php.ini: "session.cache_expire =180".  Which one controls when a session times out and is removed?

When i log out using my logout page, it works just fine.

<?php
session_start();
if (isset($_COOKIE[session_name()])) {
   setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();
header("Location: default.php");
?>

0
Question by:kmorris1186
    9 Comments
     
    LVL 48

    Expert Comment

    by:hernst42
    Have a look at
    http://www.experts-exchange.com/Web/Web_Languages/PHP/Q_21117716.html
    for e detailed explainaition of that settings and how sessions expire in php
    0
     
    LVL 7

    Author Comment

    by:kmorris1186
    Ok, i made some chages to the PHP Settings...

    gc_maxlife = 900 (20 mins)
    cache_expire  = 15 (15 minutes)

    I restared IIS just in case...

    Now i just need to wait and see if it kicks me out.
    0
     
    LVL 7

    Author Comment

    by:kmorris1186
    I think i might have clicked Refresh to early.  If the session was destroyed, this code should redirect me back to the login page:

    session_start();
    if (isset($_SESSION['Auth'])) {
          if ($_SESSION['Auth']!='Yes') {      
                header("Location: default.php");
          }
    } else {
          header("Location: default.php");
    }
    <HTML CODE HERE>

    but i am about to leave the office.  I will check 1st thing in the morning.  That should definety tell me if the session was destroyed or not.
    0
     
    LVL 7

    Author Comment

    by:kmorris1186
    After waiting till the next day, it still seems to have kept me logged in.

    What am i doing wrong?
    0
     
    LVL 48

    Accepted Solution

    by:
    the problem is that php is doing garbage session collection only from time to time, to get excatly what you want set

    session.gc_probability = 100
    session.gc_divisor     = 100

    in your php.ini

    Then each request expired session are destroyed. Look at the posted question. That should also be described there.
    0
     
    LVL 7

    Author Comment

    by:kmorris1186
    Sorry for the delay on this.  I was having some internet problems at work.  I see what your talking about.  So this way everything is destroyed instead of 1 out of 1000 or so.

    I will give that a try.
    0
     
    LVL 7

    Author Comment

    by:kmorris1186
    Is there somthing i need to restart to get this to reload the ini?  Rebooting the PC is the last resort...
    0
     
    LVL 48

    Expert Comment

    by:hernst42
    You have to restart the webserver so the changes take effect for php
    0
     
    LVL 7

    Author Comment

    by:kmorris1186
    Ok, i restated IIS. going to try it now.
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT Security CISA, CISSP & CISM Certification

    Master the advanced techniques required to protect network resources from external threats with the IT Cyber Security bundle. Built around industry best-practice guidelines, the IT Cyber Security bundle consists of three in-depth courses.

    Introduction Many web sites contain image galleries; a common design for these galleries includes a page with a collection of thumbnail images.  You can click on each of the thumbnail images to see the larger version of the image.  This is easily i…
    Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
    The viewer will learn how to dynamically set the form action using jQuery.
    This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

    856 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now