2007. 10. 17, szerda keltezéssel 11.58-kor Holografix ezt írta:
> I have some questions about sessions timeout and sessions ini settings.
>
> In php.ini I have session.gc_maxlifetime = 30 (for testing purpose only) ,
> session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch this
> values)
>
> I have two simple pages
>
>
> page1.php
> ---------
> session_start();
> $_SESSION["test"] = "TEST";
> <a href="page2.php">test timeout</a>
>
>
> page2.php
> =========
> session_start();
> if (!isset($_SESSION["test"]) ) {
> echo "no session"; die();
> }
> print_r($_SESSION);
>
>
> I open page1.php in the browser and only click in the link after waiting
> more than 30 seconds (session.gc_maxlifetime).
> After this period what should happen with $_SESSION["test"] in page2.php?
>
> In php, session.gc_maxlifetime: ; After this number of seconds, stored data
> will be seen as 'garbage' and
> ; cleaned up by the garbage collection process.
>
> I need to understand this and get a way to automaticly logout a user after n
> minutes of inactivity.
session.gc_maxlifetime is not what you are looking for. it works like at
every request there is a 1/100 chance
(session.gc_probability/session.gc_divisor) that the garbage collector
will run. if it runs, and finds session data older than
session.gc_maxlifetime, that is cleaned up.
in order to achieve what you want you should store a 'last action'
timestamp or something like that in the session, and upon each request
check how many seconds passed since that timestamp and decide session
validity based on that. eg:
session_start();
if ($_SESSION['last_action_timestamp'] - time() > $max_lifetime)
{
// session expired
}
else
{
$_SESSION['last_action_timestamp'] = time();
}
greets
Zoltán Németh
>
> My environment:
> Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql 5.4.5
>
>
> Best regards
> holo
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
