Menu
Community /Pin to ProfileBookmark
@NogDogFeb 21.2009 — #Decrease the amount of time you allow session data to be stored on the [i]host[/i]. One way would be via the various [url=http://us.php.net/manual/en/session.configuration.php#ini.session.gc-probability]session.gc_* configuration settings[/url] . Another would be to add a session variable that gets the current time stamp saved in it, then have you login status check function require a new login if the time is more than X seconds old.@NogDogFeb 21.2009 — #It's possible if you use a separate directory to store the session data for all scripts using this shorter session time.
One potential problem though is that in my experience the GC stuff is run after the rest of the session_start() stuff is executed. So if a user starts a session, does not do anything for more than the maxlifetime, then starts another script, his data will still be there if no other user has accessed a session via the same session start code after the first user's data has expired (causing the garbage collector to be run).
So if this issue is important and you do not expect some fairly high and consistent enough amount of traffic, then the other option of setting a timestamp session value and checking it on each page access would be more reliable. E.g.:
session in Firefox
Hi all..
I have craeted a session variable as follows
[CODE]$_SESSION[‘test’] = “mm”;
as per my knowledge on session it should destroy when the user is closed.
in IE its working as expected.
but in FF when i attempt to close FF it will ask ” whether you want to save your state” I clicked “yes”
and when I try to open FF again it asks to reload previous session I asked to reload previous session, then my application itself reloads and I am able to see the session I had created is still exist.
Same happens when I kill FF session from windows task manager and reload previous session while opening new FF.
Can you tell me why tis happens?
How can I avoid that??
thanks
btb
Sign in
to post a comment9 Comments(s) ↴
0
@NogDogFeb 21.2009 — #Decrease the amount of time you allow session data to be stored on the [i]host[/i]. One way would be via the various 0
@NogDogFeb 21.2009 — #It's possible if you use a separate directory to store the session data for all scripts using this shorter session time.[code=php]
<?php
$sessionDirectory = '/path/to/writable/session/directory';
session_save_path($sessionDirectory);
ini_set('session.gc_maxlifetime', 600); // 10 minutes
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 1); // run garbage collector every time
session_start();
[/code]One potential problem though is that in my experience the GC stuff is run after the rest of the session_start() stuff is executed. So if a user starts a session, does not do anything for more than the maxlifetime, then starts another script, his data will still be there if no other user has accessed a session via the same session start code after the first user's data has expired (causing the garbage collector to be run).
So if this issue is important and you do not expect some fairly high and consistent enough amount of traffic, then the other option of setting a timestamp session value and checking it on each page access would be more reliable. E.g.:
[code=php]
session_start();
$lastAccess = (isset($_SESSION['accessTime'])) ? $_SESSION['accessTime'] : 0;
$timeOutSeconds = 600;
if(time() - $lastAccess > $timeOutSeconds)
{
$_SESSION = array();
header('Location: http://www.example.com/login.php');
exit;
}
$_SESSION['accessTime'] = time();
// . . . rest of script . . .
?>
[/code]