PHP sessions timing out too quickly
Random expiration is a classical symptom of a session data directory shared by several applications: the one with the shortest session.gc_maxlifetime time is likely to remove data from other applications. The reason:
- PHP stores session files in the system temporary directory by default.
- The builtin file handler doesn't track who owns what session file (it just matches file name with session ID):
My advice is that you configure a private custom session directory for your application. That can be done with the session_save_path() function or setting the session.save_path configuration directive. Please check your framework's documentation for the precise details on how to do it in your own codebase.
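One way to apply the private-directory advice above, as an added example that is not part of the original answer. `APP_SESSION_DIR` and `start_private_session()` are hypothetical names, the path is a placeholder, and a Unix-like host is assumed.

```php
<?php
// Added example, not code from the original answers.
// APP_SESSION_DIR and start_private_session() are hypothetical names.
const APP_SESSION_DIR = '/var/lib/myapp/sessions'; // placeholder path outside the shared temp dir

function start_private_session(string $dir, int $lifetimeSecs): void
{
    // Create a directory used by this application only; 0700 keeps other
    // local accounts (and their PHP applications) out of it.
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("Cannot create session directory: $dir");
    }
    if (!is_writable($dir)) {
        throw new RuntimeException("Session directory is not writable: $dir");
    }

    // Refuse a pre-existing directory that group or other can access.
    clearstatcache(true, $dir);
    if ((fileperms($dir) & 0077) !== 0) {
        throw new RuntimeException("Session directory is accessible by group/other: $dir");
    }

    // Both calls must run before any output and before the session starts.
    session_save_path($dir);
    session_start([
        // Lifetime now applies only to files in $dir, so another
        // application's shorter session.gc_maxlifetime cannot expire them.
        'gc_maxlifetime' => $lifetimeSecs,
        // Some distributions set gc_probability to 0 and clean only their
        // default session directory from cron; a custom directory then
        // needs PHP's own garbage collection switched on.
        'gc_probability' => 1,
        'gc_divisor'     => 100,
    ]);
}

start_private_session(APP_SESSION_DIR, 30 * 60); // 30 minutes
```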
Debian uses a cron job to automatically expire sessions in a secure manner. If you are using Debian, look at /etc/cron.d/php5.
You can use this technique to make your application compatible as you need. You have to make a few changes according to your system.
```php
// Get the current session timeout value
$currentTimeoutInSecs = ini_get('session.gc_maxlifetime');

// Change the session timeout value to 30 minutes (8*60*60 would be 8 hours)
ini_set('session.gc_maxlifetime', 30*60);

//--------------------------------------------------------------
// php.ini setting required for session timeout.
ini_set('session.gc_maxlifetime', 30);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 1);

// If you want to change the session.cookie_lifetime.
// This is required in some common file, because to get the session values in the whole application we need to write session_start(); in each file; only then will we get the $_SESSION global variable values.
$sessionCookieExpireTime = 8*60*60;
session_set_cookie_params($sessionCookieExpireTime);
session_start();

// Reset the expiration time upon page load. session_name() is the default name of the session (PHPSESSID).
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), $_COOKIE[session_name()], time() + $sessionCookieExpireTime, "/");
}

//--------------------------------------------------------------
// To get the session cookie set param values.
$CookieInfo = session_get_cookie_params();
echo "<pre>";
echo "Session information session_get_cookie_params function :: <br />";
print_r($CookieInfo);
echo "</pre>";
```
Try to use this part of code:
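```php
session_start();
$inactive = 600; // allowed inactivity, in seconds
// Only compare when a previous timestamp exists; the first request has none.
if (isset($_SESSION['timeout'])) {
    $session_life = time() - $_SESSION['timeout'];
    if ($session_life > $inactive) {
        session_destroy();
        header("Location: logoutpage.php");
        exit; // stop here so the redirect is the only response
    }
}
$_SESSION['timeout'] = time();
```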