westman Posted July 22, 2013 Share Posted July 22, 2013 Hi all, I think I have a session problem. When my site is not busy, I can stay logged in for days.But when my site is busy I get logged out within an hour. My server is running PHP 5.2 Here is my start session code... session_register("id");$_SESSION['id'] = $id;session_register('idt');$_SESSION['idt'] = base64_encode("j4p3q9w8s5rq5g3hs34$id");session_register('username');$_SESSION['username'] = $username;session_register('userpass');$_SESSION['userpass'] = $userpass;session_register('useremail');$_SESSION['useremail'] = $useremail; Here is my check session code... session_start();if (!isset($_SESSION['id'])) { header("location:../index.php");exit(); }if (!isset($_SESSION['username'])) { header("location:../index.php");exit(); }if (!isset($_SESSION['userpass'])) { header("location:../index.php");exit(); }if (!isset($_SESSION['useremail'])) { header("location:../index.php");exit(); }if (!isset($_SESSION['idt'])) { header("location:../index.php");exit(); }if (isset($_SESSION['idt'])) {$id = $_SESSION['id'];$idt = $_SESSION['idt'];$username = $_SESSION['username'];$userpass = $_SESSION['userpass'];$useremail = $_SESSION['useremail'];$decryptedID = base64_decode($_SESSION['idt']);$id_array = explode("j4p3q9w8s5rq5g3hs34", $decryptedID);$trueid = $id_array[1];if ($trueid != $id){header("location:../index.php");exit(); }else{$logincheck = "1";}$trueid = mysql_real_escape_string($trueid);$iduserpass = mysql_real_escape_string($iduserpass);$id = mysql_real_escape_string($id);$sql2 = mysql_query("SELECT * FROM mem WHERE id='$trueid' AND password='$userpass' LIMIT 1");$numRows = mysql_num_rows($sql2);if ($numRows = 1) {$logincheck = "1";}else{header("location:../index.php"); exit(); }while($row = mysql_fetch_array($sql2)){ $usernameck = $row["username"];$useremailck = $row["email"];if ($usernameck != $username){header("location:../index.php");exit(); } if ($useremailck != $useremail){header("location:../index.php");exit(); } }} any help? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 22, 2013 Share Posted July 22, 2013 Using session_register is not supported or needed anymore, it's removed from PHP 5.4. How do you keep your session active? Are you sending ajax requests or anything to keep it alive? By default, a session will expire after 24 minutes of no activity. 1 Link to comment Share on other sites More sharing options...
westman Posted July 22, 2013 Author Share Posted July 22, 2013 My server is running PHP 5.2 if session_register("id"); has been removed from PHP what can i use in its place? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 22, 2013 Share Posted July 22, 2013 My server is running PHP 5.2 That's fine, but there's no reason to use code that is 12+ years old when you could be using the current things. Do you know what session_register does? Do you realize it creates a global variable? It's only going to do that if register_globals is enabled though, but PHP 4.2 disabled register_globals by default (that was in 2002, so that's how long ago people stopped using session_register). I'm just saying that it would be a good idea to learn the current way of doing things, regardless of what version your server is running. Check the manual page on sessions for examples of how to use them: http://www.php.net/manual/en/session.examples.basic.php Note that you always need to use session_start, you didn't show that in the code that initially sets the values in the session but if it works then I assume it's there somewhere. Also, if the server is set up in a relatively secure way then you don't need to encrypt anything in the session, the values in the session are only available to PHP. Link to comment Share on other sites More sharing options...
westman Posted July 22, 2013 Author Share Posted July 22, 2013 thank you so much, i am now using... $_SESSION['id'] = $id; and I am not using... session_register("id");$_SESSION['id'] = $id; how long till me session times out? Link to comment Share on other sites More sharing options...
thescientist Posted July 22, 2013 Share Posted July 22, 2013 thank you so much, i am now using...$_SESSION['id'] = $id;and I am not using...session_register("id");$_SESSION['id'] = $id;how long till me session times out? Using session_register is not supported or needed anymore, it's removed from PHP 5.4. How do you keep your session active? Are you sending ajax requests or anything to keep it alive? By default, a session will expire after 24 minutes of no activity. Link to comment Share on other sites More sharing options...
justsomeguy Posted July 22, 2013 Share Posted July 22, 2013 The default is 24 minutes of inactivity. This is the setting that controls it: http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime Link to comment Share on other sites More sharing options...
westman Posted July 23, 2013 Author Share Posted July 23, 2013 i have been googleing "gc-maxlifetime", "session time" and "php.ini" and i can't seem to get any where. my aim is to set my sessions to timeout after 4 hours of not been active. i have php5.ini on my server and can't seem to open it on my browser. what do i need to do 1st? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 23, 2013 Share Posted July 23, 2013 It would make sense to change the session.gc_maxlifetime setting in php.ini. You don't open that file with your browser, you download it with an FTP client, edit it, and upload it again. Or use SSH to edit it directly on the server. Your server might also have a control panel where you can change settings. You can also change that setting in a .htaccess file if your server supports them. It's also possible to change it in each of your scripts, but that wouldn't be the best way to do it. Link to comment Share on other sites More sharing options...
westman Posted July 23, 2013 Author Share Posted July 23, 2013 ok ppl i put... ini_set('session.gc_maxlifetime', 10800); # 3 hours in my php5.ini file how do i check if everything is working? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 23, 2013 Share Posted July 23, 2013 You don't use ini_set in php.ini, ini_set is a PHP function for settings options at runtime. Look at the existing php.ini file or PHP's documentation to see how to set options. Start by searching for the option you're trying to change. You can use a phpinfo page to get what the configuration and runtime settings are. Link to comment Share on other sites More sharing options...
westman Posted July 23, 2013 Author Share Posted July 23, 2013 i have... <?php phpinfo(); in my phpinfo file and all i see in the browser is... <?php phpinfo(); I looked up, what to input in my php5.ini fill and got now where. any help? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 23, 2013 Share Posted July 23, 2013 If you see the code then the server isn't executing the PHP. Make sure it's a PHP file. The ini file is already filled with options, there are examples all over the file. Open the file and search for the option you're trying to change, you might find it already being set to the default value. If it's not in the file then add it, but the rest of the PHP options should already be in the file so you can see how they are set up. Here's the manual for it: http://www.php.net/manual/en/configuration.file.php Link to comment Share on other sites More sharing options...
westman Posted July 23, 2013 Author Share Posted July 23, 2013 ok, in my php5.ini i have... session.gc_maxlifetime = 10800 # 3 hours but in my /phpinfo.php file i have... session.gc_maxlifetime 1440 1440 it's not working Link to comment Share on other sites More sharing options...
justsomeguy Posted July 23, 2013 Share Posted July 23, 2013 That's right, it's not working. The phpinfo output will show the configuration file it is using, that is the one you need to edit. If you're on a shared host then you may not be allowed to change that file. Maybe your host has user ini files set up like it describes here: http://www.php.net/manual/en/configuration.file.per-user.php You can also use .htaccess to change options if you're on Apache, this describes how: http://www.php.net/manual/en/configuration.changes.php If you're changing the root php.ini file, then you also usually need to restart the web server for changes to take effect. Link to comment Share on other sites More sharing options...
westman Posted July 24, 2013 Author Share Posted July 24, 2013 in my /phpinfo.php file i now have... session.gc_maxlifetime 10800 10800 does this mean everything is ok and working? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 24, 2013 Share Posted July 24, 2013 Is that the value you want it to have? If so, then it sounds like it's fine. Link to comment Share on other sites More sharing options...
davej Posted July 24, 2013 Share Posted July 24, 2013 I have not looked at Php for a long time now. Could anyone point me to a boilerplate page that shows how to correctly implement the basic "best practices" for things such as the session? I see the code here... http://www.php.net/manual/en/session.examples.php TIA. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now