2007. 10. 17, szerda keltezéssel 15.10-kor Holografix ezt írta: > Many thanks Zoltn. > > It's clear now > One more thing: session.cookie_lifetime defaults to 0 (until browser is > closed). > if setting session.cookie_lifetime to 60 can I look for > $_SESSION[session_name()] in every request ? why $_SESSION[session_name()]? I never bother with session_name and stuff like that, just put whatever I want to store in $_SESSION and voila it's there :) about session.cookie_lifetime: if the cookie expires on the client computer, the browser would not send it, so the server side would not receive the session ID, so the session data would be lost. that's good in some cases, but if you leave cookie_lifetime at its default, cookies expire when the browser is closed. that, combined with a lasttime value stored in the session, should be enough. greets Zoltán Németh > > best regards > holo > > > ""Zoltn Nmeth"" <znemeth@xxxxxxxxxxxxxx> wrote in message > news:1192621838.5342.7.camel@xxxxxxxxxxxx > > 2007. 10. 17, szerda keltezssel 11.58-kor Holografix ezt rta: > >> I have some questions about sessions timeout and sessions ini settings. > >> > >> In php.ini I have session.gc_maxlifetime = 30 (for testing purpose only) > >> , > >> session.gc_probability = 1 and session.gc_divisor = 100 (didn't touch > >> this > >> values) > >> > >> I have two simple pages > >> > >> > >> page1.php > >> --------- > >> session_start(); > >> $_SESSION["test"] = "TEST"; > >> <a href="page2.php">test timeout</a> > >> > >> > >> page2.php > >> ========= > >> session_start(); > >> if (!isset($_SESSION["test"]) ) { > >> echo "no session"; die(); > >> } > >> print_r($_SESSION); > >> > >> > >> I open page1.php in the browser and only click in the link after waiting > >> more than 30 seconds (session.gc_maxlifetime). > >> After this period what should happen with $_SESSION["test"] in page2.php? > >> > >> In php, session.gc_maxlifetime: ; After this number of seconds, stored > >> data > >> will be seen as 'garbage' and > >> ; cleaned up by the garbage collection process. > >> > >> I need to understand this and get a way to automaticly logout a user > >> after n > >> minutes of inactivity. > > > > session.gc_maxlifetime is not what you are looking for. it works like at > > every request there is a 1/100 chance > > (session.gc_probability/session.gc_divisor) that the garbage collector > > will run. if it runs, and finds session data older than > > session.gc_maxlifetime, that is cleaned up. > > > > in order to achieve what you want you should store a 'last action' > > timestamp or something like that in the session, and upon each request > > check how many seconds passed since that timestamp and decide session > > validity based on that. eg: > > > > session_start(); > > if ($_SESSION['last_action_timestamp'] - time() > $max_lifetime) > > { > > // session expired > > } > > else > > { > > $_SESSION['last_action_timestamp'] = time(); > > } > > > > greets > > Zoltn Nmeth > > > >> > >> My environment: > >> Windows XP PRO SP2, apache 2.2.4, php 5.2.4 (apache module), mysql 5.4.5 > >> > >> > >> Best regards > >> holo > >> > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
