I've gone in to the sessions file in the config folder and changed the lifetime = 1 and expire_on_close = false.
I've gone in to the php.ini and commented out session.gc_maxlifetime.
Anything that I put in to the session variable gets wiped out after x amount of minutes that I set in the config file but I'm still not logged out. Am I supposed to create something that logs me out or is Laravel supposed to log me out automatically?
Related
I'd like to update my own database when session expires. To do this I modified CodeIgniter's Session file and wrote my own code in sess_destroy(). Everytime the user logouts, sess_destroy() is called. It works correctly as my database gets updated. My problem though is that my database doesn't update when session expires. To test it, I set the sess_expiration in the config.php file to 20 seconds so I wouldn't have to wait long for it to expire. After it does expire, login details that are supposed to be displayed are gone, meaning the session is gone. My database, however, was not updated at all. I've tried inputting code in unset_userdata() and sess_gc() but database still doesn't update.
Suggestions are welcome. Thank you
The only way would be to call some sort of cron job to regularly scan the database of sessions for expired sessions and purge them or log them etc. Nothing is going to trigger that automatically.
I have a very critical issue with my Magento store. The session gets reset on every HTTP request, for example if I refresh the homepage it creates a new session.
Initially I thought it was from the php.ini settings but I set session.cookie_lifetime = 86400 ni my php.ini file and from magento backend as ewll. Then I also moved the session from files to db to try and resolve the problem but it keeps creating new sessions on every request. As a result of this I can't add any items to the cart or do anything else because my session gets destroyed every time.
I solved this issue by enabling "Use SID on Frontend" in 'system->web->session validation settings'.
Hope the following will helps you.
https://magento.stackexchange.com/questions/385/cart-dropping-all-items-cart-session-clears
I found the issue and located it in this file:
app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
In order to fix it more elegantly one should override the specified file in the local code pool insted of modifying the core directly. Like below:
app/code/local/Mage/Core/Model/Session/Abstract/Varien.php
Also for the above to work php.ini setting session.cookie_secure must be commented or set to 0.
Make sure to check your php.ini
I had a similar problem and noticed that the .ini was trying to set a different save path for the sessions then Magento.
In short edit php.ini and comment out the save_path and cookie_secure:
;session.save_path =
;session.cookie_secure =
I'm sure there is a way in Magento to set the secure cookie param, as I would not want to suggest anything that maybe a security risk.
Then restart php or apache
I have a live site which works fine and can be logged into no problems. I have a local copy of that site but for some reason the session isn't working. If i login, i can tell that the login has worked as it tries to redirect to the success page and i can see that a new session gets started.
But, the system doesn't recognise me as being logged in.
I've changed the cookie_domain config variable, changed session_ip and session_user_agent matching variables but nothing seems to work.
Also, i increased the size of the fields that hold session/userdata data in the db to longtext to make sure nothing was being chopped off.
Is there anything i've missed, anything that i've forgotten?
Ahhh, my bad. I didn't realise i had a dev only config in there that needed to have it's cookie domain changed. Whoops!!
We have an internal control panel that all employees in the office are logged into all day, including customer service. I'd like for it to be setup so that it keeps you logged in for 1 hour before your session expires. How can I change this in the PHP.ini? I made a change before I understood would keep the session open until the browser window was closed but it didn't stick.
There are two different values you can set:
session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up.
and session.cookie_lifetime which is how long the cookie will last.
http://www.php.net/manual/en/session.configuration.php
both values can be set in the php.ini file, but might get overriden in .htaccess files or in your scripts using ini_set.
You can also do this client-side using JavaScript. Use an AJAX call to periodically 'check-in' with the server, keeping the PHP session alive. You can also monitor if the user is doing anything on the current page, show them a '2 minute warning' message, or even redirect them to a 'session terminated' page when the 1 hour inactivity period is reached. You could even use this to 'force' a user to be signed out.
This isn't as secure as doing it purely in PHP, but does give you more flexibility to build cool features.
The most secure place to implement this would be in your application. You can store the session update time in $_SESSION on each page load. Before you update it, you check if it has exceeded the 60 minute limit, in which case you can use session_destroy() to terminate the session, followed by a redirect to the login page (or similar).
I don't think this can be done from the php.ini file. I think you either want to store the login time on the server and compare that with the current time and delete if 60mins have passed, or alternatively, use cookies -- these can have an explicit lifespan. See this for more information on cookies.
I'm using Zend Framework for PHP and handling sessions with the Zend_Session module. This is what I have in my Initializer (or bootstrap):
Zend_Session::start();
Zend_Session::rememberMe(864000);
864000 seconds should be good for 10 days, but I'm still being kicked out at about an hour (or maybe a little less). I've tested to see if this statement works at all by setting it to 10 seconds, and indeed I am kicked out at the appropriate time, but when I set it to a very high value, it doesn't work! I went through some of the documentation here:
http://framework.zend.com/manual/en/zend.session.html
Another method I saw was to use the following:
$authSession = new Zend_Session_Namespace('Zend_Auth');
$authSession->setExpirationSeconds(3600);
Now, I have different namespaces. Does this mean I have to set this for all of them if I want to keep them from expiring? I haven't tested this method of setting the expiration, but I really wanted to see what the gurus on here had to say about what the correct way of approaching this problem is. Thanks a lot guys...
Also, does anyone know how I can make it so that the session never expires? I've tried setting the second to 0 and -1, but that throws an error.
I had the same problem and solved it by putting:
resources.session.save_path = APPLICATION_PATH "/../data/session/"
resources.session.gc_maxlifetime = 864000
resources.session.remember_me_seconds = 864000
in the application.ini (as suggested by tawfekov) and
protected function _initSessions() {
$this->bootstrap('session');
}
in the Bootstrap.php (this I typically forgot at first). You have to give the session directory the correct access rights (chmod 777). I described the issue here. Hopefully this will help the next person with the same issue.
Your client's computer clock, date, AND time zone need to be set correctly for session expirations to work. Otherwise the time conversions are off, and likely causing your cookie to expire the minute it hits the their browser.
Try calling remember me before starting the session:
Zend_Session::rememberMe(864000);
Zend_Session::start();
Otherwise I believe it will use the default of remember_me_seconds. See 49.4.4. rememberMe(integer $seconds)
Also, does anyone know how I can make
it so that the session never expires?
I've tried setting the second to 0 and
-1, but that throws an error.
I don't think that is possible. The session is controlled by whether the cookie exists on the users computer. Those cookies can be deleted, even by the users if they clear their cache. I think the best you can do is set it to a very large number. Say 12 months.
I guess you are using ZF 1.8 or above ,
so you can put in the config.ini file
resources.session.save_path = APPLICATION_PATH "/../data/session"
resources.session.remember_me_seconds = 864000
and these setting will automatically loaded
again only in ZF 1.8 or above if not you had to load these config manually
i hope it helps you :)
Are there other PHP applications running on the server?
Assuming you're using the standard, file-based, session handler, PHP will store all sessions in the same place (typically /tmp).
If you have some other script on the server using the default session_gc_maxlifetime settings, it may be eating your session files.
The easiest fix to try is to configure PHP to store session files for this application someplace special -- that way other apps running on the server will never accidently "clean up" session data from this app.
Try creating a directory like /tmp/myAppPhpSessions (or whatever), and adding:
ini_set('session.save_path','/tmp/myAppPhpSessions');
ini_set('session.gc_maxlifetime', 864000);
at the very top of your bootstrap file.
Make sure session.auto_start is off in php.ini