PHP - I am getting logged out after being idle - session

I do not want the user to be logged out of the site even if the person is idle for, it is okay if the person is logged out if he has closed the browser.
session.gc_maxlifetime = 180000
session.gc_probability = 1
session.gc_divisor = 1
session.save_path = "/var/lib/php/session"
cookie_lifetime = 0
Is there any setting that I am missing?
Please help.
To set the lifetime I have added the following code.
session_set_cookie_params(21600);
session_start();

You need to extend the lifetime of your cookie. Remember that the session ID is stored in the user's web browser within a cookie, so set session.cookie_lifetime to a bigger value too.

session_set_cookie_params(21600);
session_start();
21600 seconds is only 6 hours.
Try setting it to something bigger, maybe even PHP_INT_MAX.

Don't know whether it will help; I just wrote this to give you the idea of how. Cookies are saved in the user's browser, so:
$cookieName = "userscookie";
$lifetime = time() + (60*60*24); // one day life
if(isset($_COOKIE[$cookieName])) {
    $value = $_COOKIE[$cookieName];
    // one day life from day of access
    setcookie($cookieName, $value, $lifetime);
} else {
    $value = "this value to store";
    setcookie($cookieName, $value, $lifetime);
}
output:
Thank you

Related

laravel 6 csrf token expired in every 60 seconds?

I am using Laravel 6. I want my Laravel CSRF token to expire every 60 seconds.
config/session
'lifetime' => 60,
First of all, the CSRF token is stored in the XSRF-TOKEN cookie. Ref: 50904763
According to the question (Ref: 51615122), we change the configuration in app/Http/Middleware/VerifyCsrfToken.php by adding a new method named addCookieToResponse
// at the top of app/Http/Middleware/VerifyCsrfToken.php
use Symfony\Component\HttpFoundation\Cookie;
// inside the VerifyCsrfToken class
public function addCookieToResponse($request, $response) {
    $config = config('session');
    // cookie lifetime in seconds, read from .env
    $session_life = env('CSRF_LIFE');
    $response->headers->setCookie(
        new Cookie(
            'XSRF-TOKEN', $request->session()->token(), $this->availableAt($session_life),
            $config['path'], $config['domain'], $config['secure'], false, false, $config['same_site'] ?? null
        )
    );
}
where $config is used to get session information from existing lifetime. However, I parse $session_life from .env to make sure you can customize as much as you can.
So, the result is simple, configure everything as belongs but in area $this->availableAt($session_life) where session_life is in seconds.
So, please set session_life to 60 in .env as below:
CSRF_LIFE="60"
After you save and refresh your page, or clean cache and configs, Session LifeTime will be two hours but CSRF will be only 60 secs.
Hope this works.
After long testing I ended up with this: the lifetime option in the session config does not allow setting the expiry time in seconds; it only takes minutes.
So, when you set lifetime = "60", it means it will expire in 1 hour.
Hence, you have to set lifetime = "1" in your config/session.php file. Also, the default value in the .env file is SESSION_LIFETIME=120; you have to replace that with 1: SESSION_LIFETIME=1.
After that you have to clear the cache with the command:
php artisan config:cache
Now, your session will expire after 1 minute / 60 seconds.
To see more check this question.

how to check that user is inactive for some specific duration?

I want to log out the user if he is inactive for some specific duration. Using sess_expiration in the config file, it gives the timing from login, not from the inactive state.
So how can I do this using codeigniter?
You can store the time in the session when the user logs in, like this:
$_SESSION['loginTime'] = time();
and when the user does any action in the system, check whether the user has exceeded the specified time:
// $yourtime is the allowed idle period in seconds
if (time() - $_SESSION['loginTime'] > $yourtime) {
    // idle for longer than allowed
    logout();
} else {
    // still active: restart the idle clock
    $_SESSION['loginTime'] = time();
}
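An added example, not part of the answer above and not CodeIgniter code: an inactivity check on a native PHP session that also enforces an absolute session age and expires the session cookie when either limit is hit. The limits, the session key names, the function names and the /login redirect are assumptions.

```php
<?php
// Added example: idle timeout plus absolute timeout for a native PHP session.
// The limits and the key names below are assumptions, not values from the page.
const IDLE_LIMIT = 1800;       // seconds of inactivity allowed
const ABSOLUTE_LIMIT = 28800;  // maximum session age, however active the user is

// Classify the session for this request: 'new', 'active', 'idle_expired' or
// 'absolute_expired'. Timestamps are written only for 'new' and 'active'.
function check_session_age(array &$session, int $now): string
{
    if (!isset($session['created_at'], $session['last_activity'])) {
        $session['created_at'] = $now;
        $session['last_activity'] = $now;
        return 'new';
    }
    if ($now - (int) $session['created_at'] > ABSOLUTE_LIMIT) {
        return 'absolute_expired';
    }
    if ($now - (int) $session['last_activity'] > IDLE_LIMIT) {
        return 'idle_expired';
    }
    $session['last_activity'] = $now;   // activity restarts the idle clock
    return 'active';
}

// Drop the server-side data and expire the browser's session cookie.
function end_session(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}
if (PHP_SAPI === 'cli') {
    // Constructed walk-through: first request, activity, then a long idle gap.
    $s = [];
    foreach ([1000, 2000, 2000 + IDLE_LIMIT + 1] as $t) {
        echo $t, ' => ', check_session_age($s, $t), PHP_EOL;
    }
} else {
    session_start();
    $state = check_session_age($_SESSION, time());
    if ($state === 'idle_expired' || $state === 'absolute_expired') {
        end_session();
        header('Location: /login');   // assumed login route
        exit;
    }
}
```

Keep session.gc_maxlifetime at least as long as IDLE_LIMIT, otherwise garbage collection can remove the session data before the check above decides.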

GWT: Login Remember me

I try to understand this Login example.
There is a procedure called "checkWithServerIfSessionIdIsStillLegal".
I am wondering how the server can validate if a session is still valid because the session id is always different when the user closes the browser.
Can someone explain to me how this works?
By setting the session ID as a cookie in onModuleLoad (when he logs in) and checking it again when he accesses the login page.
String sessionID = result.getSessionId();
final long DURATION = 1000 * 60 * 60 * 24 * 1;
Date expires = new Date(System.currentTimeMillis() + DURATION);
Cookies.setCookie("sid", sessionID, expires, null, "/", false);
Here is the complete implementation of checkWithServerIfSessionIdIsStillLegal(), which you are referring to.
Take a look at the following link.
Cannot use same cookie for multiple GWT applications
This might solve your problem.

Opencart cart across multiple stores with different subdomains

Hi, I have a single OpenCart install set up with several stores on different subdomains (all under the same domain). I want customers to be able to put items in the cart on one site, then move on to the next and put in more or even remove some, until eventually the customer checks out on any store. Note that products might appear in one store but not another.
I notice OpenCart does this somewhat, i.e. it will bring products already in the cart to the next store, but only if the products appear in both stores. Further, if a customer then deletes one of the items and moves back to the same store, the product reappears.
The first problem seems to be that products in the cart are being displayed through what I guess is a query that selects products by store_id. I have had a hard look to see if I can find anything but am at a loss.
The second problem seems to be with the contents of the session. I am still learning PHP and am a bit confused about how to even attempt to modify how the session works.
Can anyone please provide some guidance on how I can go about fixing/changing this?
OpenCart stores all this information in your PHP session. Since your stores are located under different subdomains, the PHP session changes when you switch from one store to another.
So the first thing you need to do is to share the session between all subdomains. By default, PHP uses the 'PHPSESSID' cookie to propagate session data across multiple pages, and by default it uses the current top-level domain and subdomain in the cookie declaration.
Example: www.domain.com
The downside to this is that the session data can't travel with you to other subdomains. So if you started a session on www.domain.com, the session data would become unavailable on forums.domain.com. The solution is to change the domain PHP uses when it sets the 'PHPSESSID' cookie.
Assuming you have an init file that you include at the top of every PHP page, you can use the ini_set() function. Just add this to the top of your init page:
ini_set('session.cookie_domain',
substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));
This line of code takes the domain and lops off the subdomain.
Example: forums.domain.com -> .domain.com
Now, every time PHP sets the 'PHPSESSID' cookie, the cookie will be available to all subdomains!
You might also need to make some little modifications to the OpenCart's core in order to make it work.
Have fun :)
After Tohid's help I have the following solution; hopefully it helps others. I added the cookie_domain code line to the session.php file and also added or changed the cookie domain wherever the setcookie function was used, to cover the currency and language cookies.
open \system\session.php
find;
ini_set('session.use_cookies', 'On');
ini_set('session.use_trans_sid', 'Off');
insert after;
ini_set('session.cookie_domain', substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));
open \index.php
find;
if (!isset($request->cookie['language']) || $request->cookie['language'] != $code) {
    setcookie('language', $code, time() + 60 * 60 * 24 * 30, '/', $request->server['HTTP_HOST']);
}
replace with;
if (!isset($request->cookie['language']) || $request->cookie['language'] != $code) {
    setcookie('language', $code, time() + 60 * 60 * 24 * 30, '/', substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));
}
find;
if (isset($request->get['tracking']) && !isset($request->cookie['tracking'])) {
    setcookie('tracking', $request->get['tracking'], time() + 3600 * 24 * 1000, '/');
}
replace with;
if (isset($request->get['tracking']) && !isset($request->cookie['tracking'])) {
    setcookie('tracking', $request->get['tracking'], time() + 3600 * 24 * 1000, '/', substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));
}
open system\currency.php
find;
if (!isset($this->request->cookie['currency']) || ($this->request->cookie['currency'] != $currency)) {
    setcookie('currency', $currency, time() + 60 * 60 * 24 * 30, '/', $this->request->server['HTTP_HOST']);
}
replace with;
if (!isset($this->request->cookie['currency']) || ($this->request->cookie['currency'] != $currency)) {
    setcookie('currency', $currency, time() + 60 * 60 * 24 * 30, '/', substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));
}
Very Easy Solution! Share the login session across the subdomains
OPEN FILE: system/library/session.php
FIND LINE: session_set_cookie_params(0, '/');
APPEND : session_set_cookie_params(0, '/','.DOMAIN.COM');
Make sure to include the period "." before DOMAIN.COM
That's it... Now login sessions started on www.domain.com are shared with www.sub.domain.com
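An added example (not from any answer above, and not OpenCart's own code) for the cookie-domain change in this thread. The substr()/strpos() expression returns .com for a bare domain.com and .sub.domain.com for www.sub.domain.com, and SERVER_NAME can follow the client's Host header depending on web server configuration, so this version takes the domain from a fixed list of store hosts instead. PARENT_DOMAIN, STORE_HOSTS and the function names are assumptions.

```php
<?php
// Added example, not OpenCart code. PARENT_DOMAIN and STORE_HOSTS are assumed
// values: list the hosts your stores are actually served on.
const PARENT_DOMAIN = 'domain.com';
const STORE_HOSTS = ['www.domain.com', 'forums.domain.com', 'www.sub.domain.com'];

// What the substr()/strpos() one-liner from the answers computes.
function naive_cookie_domain(string $host): string
{
    return substr($host, (int) strpos($host, '.'), 100);
}

// Cookie domain for a known store host, or '' (host-only cookie) otherwise.
function shared_cookie_domain(string $host): string
{
    $host = strtolower(rtrim($host, '.'));
    return in_array($host, STORE_HOSTS, true) ? '.' . PARENT_DOMAIN : '';
}

// Start the session with a cookie shared by the listed stores only.
function start_shared_session(string $host): void
{
    session_set_cookie_params([
        'lifetime' => 0,            // until the browser closes
        'path'     => '/',
        'domain'   => shared_cookie_domain($host),
        'secure'   => true,         // assumes every store is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

if (PHP_SAPI === 'cli') {
    // Constructed host names to compare the two derivations.
    $hosts = ['www.domain.com', 'www.sub.domain.com', 'domain.com', 'localhost', 'shop.example.net'];
    foreach ($hosts as $h) {
        printf("%-20s naive=%-18s checked=%s\n", $h, naive_cookie_domain($h), var_export(shared_cookie_domain($h), true));
    }
} else {
    start_shared_session($_SERVER['SERVER_NAME']);
}
```

A cookie scoped to the parent domain is sent to every subdomain of it, so each host under that domain has to be trusted with the session ID.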

PHP4 including file during session

I am trying to put second language on my webpage. I decided to use different files for different languages told apart by path - language/pl/projects.ln contains Polish text, language/en/projects.ln - English. Those extensions are just to tell language files from other, the content is simple php:
$lang["desc"]["fabrics"]["title"] = "MATERIAŁY";
$lang["desc"]["fabrics"]["short_text"] = "Jakiś tam tekst na temat materiałów";
$lang["desc"]["services"]["title"] = "USŁUGI";
$lang["desc"]["services"]["short_text"] = "Jakiś tam tekst na temat usłóg";
And then on the index page I use it like so:
session_start();
if (isset($_SESSION["lang"])) {
    $language = $_SESSION["lang"];
} else {
    $language = "pl";
}
include_once("language/$language/projects.ln");
print $lang["desc"]["fabrics"]["title"];
The problem is that if the session variable is not set everything works fine and array item content is displayed but once I change and set $_SESSION["lang"] nothing is displayed. I tested if the include itself works as it should by putting print "sth"; at the beginning of projects.ln file and that works all right both with $_SESSION["lang"] set and unset.
Please help.
Can you test the return value of session_start() - if it's false, it failed to start the session.
Is it being called before you output anything to the browser? If headers were already sent and your error_reporting level is too low, you won't even see the error message.
Stupid, but - do you set value of $_SESSION['lang'] to valid value like "en"? Does the English translation load correctly when you use it as default value in else block instead of "pl"?
"Jakiś tam tekst na temat usłóg" -> "usług" :)
Can you tell us what this one outputs:
if(session_start()) {
    echo SID, '<br/>';
    if(isset($_SESSION['lang'])) {
        echo 'lang = "',$_SESSION['lang'], '"';
    }
}
Session starts fine and accidentally I managed to fix it.
I renamed $_SESSION['lang'] to $_SESSION['curr_lang'] and it now works all right. It seems like it didn't like the array and session variable having the same name (?).
