Jump to content

session


westman
 Share

Recommended Posts

Hi all,
I think I have a session problem.
When my site is not busy, I can stay logged in for days.But when my site is busy I get logged out within an hour.
My server is running PHP 5.2
Here is my start session code...
session_register("id");$_SESSION['id'] = $id;session_register('idt');$_SESSION['idt'] = base64_encode("j4p3q9w8s5rq5g3hs34$id");session_register('username');$_SESSION['username'] = $username;session_register('userpass');$_SESSION['userpass'] = $userpass;session_register('useremail');$_SESSION['useremail'] = $useremail;
Here is my check session code...
session_start();if (!isset($_SESSION['id'])) { header("location:../index.php");exit(); }if (!isset($_SESSION['username'])) { header("location:../index.php");exit(); }if (!isset($_SESSION['userpass'])) { header("location:../index.php");exit(); }if (!isset($_SESSION['useremail'])) { header("location:../index.php");exit(); }if (!isset($_SESSION['idt'])) { header("location:../index.php");exit(); }if (isset($_SESSION['idt'])) {$id = $_SESSION['id'];$idt = $_SESSION['idt'];$username = $_SESSION['username'];$userpass = $_SESSION['userpass'];$useremail = $_SESSION['useremail'];$decryptedID = base64_decode($_SESSION['idt']);$id_array = explode("j4p3q9w8s5rq5g3hs34", $decryptedID);$trueid = $id_array[1];if ($trueid != $id){header("location:../index.php");exit();   }else{$logincheck = "1";}$trueid = mysql_real_escape_string($trueid);$iduserpass = mysql_real_escape_string($iduserpass);$id = mysql_real_escape_string($id);$sql2 = mysql_query("SELECT * FROM mem WHERE id='$trueid' AND password='$userpass' LIMIT 1");$numRows = mysql_num_rows($sql2);if ($numRows = 1) {$logincheck = "1";}else{header("location:../index.php"); exit(); }while($row = mysql_fetch_array($sql2)){ $usernameck = $row["username"];$useremailck = $row["email"];if ($usernameck != $username){header("location:../index.php");exit(); }   if ($useremailck != $useremail){header("location:../index.php");exit(); }   }}

any help?

 

Link to comment
Share on other sites

Using session_register is not supported or needed anymore, it's removed from PHP 5.4. How do you keep your session active? Are you sending ajax requests or anything to keep it alive? By default, a session will expire after 24 minutes of no activity.

  • Like 1
Link to comment
Share on other sites

 

 

My server is running PHP 5.2

That's fine, but there's no reason to use code that is 12+ years old when you could be using the current things. Do you know what session_register does? Do you realize it creates a global variable? It's only going to do that if register_globals is enabled though, but PHP 4.2 disabled register_globals by default (that was in 2002, so that's how long ago people stopped using session_register). I'm just saying that it would be a good idea to learn the current way of doing things, regardless of what version your server is running.

 

Check the manual page on sessions for examples of how to use them:

 

http://www.php.net/manual/en/session.examples.basic.php

 

Note that you always need to use session_start, you didn't show that in the code that initially sets the values in the session but if it works then I assume it's there somewhere. Also, if the server is set up in a relatively secure way then you don't need to encrypt anything in the session, the values in the session are only available to PHP.

Link to comment
Share on other sites

thank you so much, i am now using...

$_SESSION['id'] = $id;

and I am not using...

session_register("id");$_SESSION['id'] = $id;

how long till me session times out?

Using session_register is not supported or needed anymore, it's removed from PHP 5.4. How do you keep your session active? Are you sending ajax requests or anything to keep it alive? By default, a session will expire after 24 minutes of no activity.

Link to comment
Share on other sites

i have been googleing "gc-maxlifetime", "session time" and "php.ini"

 

and i can't seem to get any where. my aim is to set my sessions to timeout after 4 hours of not been active.

i have php5.ini on my server and can't seem to open it on my browser.

 

what do i need to do 1st?

Link to comment
Share on other sites

It would make sense to change the session.gc_maxlifetime setting in php.ini. You don't open that file with your browser, you download it with an FTP client, edit it, and upload it again. Or use SSH to edit it directly on the server. Your server might also have a control panel where you can change settings. You can also change that setting in a .htaccess file if your server supports them. It's also possible to change it in each of your scripts, but that wouldn't be the best way to do it.

Link to comment
Share on other sites

You don't use ini_set in php.ini, ini_set is a PHP function for settings options at runtime. Look at the existing php.ini file or PHP's documentation to see how to set options. Start by searching for the option you're trying to change.

 

You can use a phpinfo page to get what the configuration and runtime settings are.

Link to comment
Share on other sites

If you see the code then the server isn't executing the PHP. Make sure it's a PHP file.

 

The ini file is already filled with options, there are examples all over the file. Open the file and search for the option you're trying to change, you might find it already being set to the default value. If it's not in the file then add it, but the rest of the PHP options should already be in the file so you can see how they are set up.

 

Here's the manual for it:

 

http://www.php.net/manual/en/configuration.file.php

Link to comment
Share on other sites

That's right, it's not working. The phpinfo output will show the configuration file it is using, that is the one you need to edit. If you're on a shared host then you may not be allowed to change that file. Maybe your host has user ini files set up like it describes here:

 

http://www.php.net/manual/en/configuration.file.per-user.php

 

You can also use .htaccess to change options if you're on Apache, this describes how:

 

http://www.php.net/manual/en/configuration.changes.php

 

If you're changing the root php.ini file, then you also usually need to restart the web server for changes to take effect.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...