Many thanks Zoltán. It's clear now One more thing: session.cookie_lifetime defaults to 0 (until browser is closed). if setting session.cookie_lifetime to 60 can I look for $_SESSION[session_name()] in every request ? best regards holo ""Zoltán Németh"" <znemeth@xxxxxxxxxxxxxx> wrote in message news:1192621838.5342.7.camel@xxxxxxxxxxxx > 2007. 10. 17, szerda keltezéssel 11.58-kor Holografix ezt írta: >> I have some questions about sessions timeout and sessions ini settings. >> >> In php.ini I have session.gc_maxlifetime = 30 (for testing purpose only) >> , >> session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch >> this >> values) >> >> I have two simple pages >> >> >> page1.php >> --------- >> session_start(); >> $_SESSION["test"] = "TEST"; >> <a href="page2.php">test timeout</a> >> >> >> page2.php >> ========= >> session_start(); >> if (!isset($_SESSION["test"]) ) { >> echo "no session"; die(); >> } >> print_r($_SESSION); >> >> >> I open page1.php in the browser and only click in the link after waiting >> more than 30 seconds (session.gc_maxlifetime). >> After this period what should happen with $_SESSION["test"] in page2.php? >> >> In php, session.gc_maxlifetime: ; After this number of seconds, stored >> data >> will be seen as 'garbage' and >> ; cleaned up by the garbage collection process. >> >> I need to understand this and get a way to automaticly logout a user >> after n >> minutes of inactivity. > > session.gc_maxlifetime is not what you are looking for. it works like at > every request there is a 1/100 chance > (session.gc_probability/session.gc_divisor) that the garbage collector > will run. if it runs, and finds session data older than > session.gc_maxlifetime, that is cleaned up. > > in order to achieve what you want you should store a 'last action' > timestamp or something like that in the session, and upon each request > check how many seconds passed since that timestamp and decide session > validity based on that. eg: > > session_start(); > if ($_SESSION['last_action_timestamp'] - time() > $max_lifetime) > { > // session expired > } > else > { > $_SESSION['last_action_timestamp'] = time(); > } > > greets > Zoltán Németh > >> >> My environment: >> Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql 5.4.5 >> >> >> Best regards >> holo >> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
