session override in .htaccess, and even php ini_set not working

2
votes

UPDATE

PHP ini settings

Directive | Local Value | Master Value

session.auto_start Off Off

session.cache_expire 180 180

session.cache_limiter nocache nocache

session.cookie_domain no value no value

session.cookie_httponly Off Off

session.cookie_lifetime 0 0

session.cookie_path / /

session.cookie_secure Off Off

session.entropy_file /dev/urandom /dev/urandom

session.entropy_length 32 32

session.gc_divisor 1 1

session.gc_maxlifetime 3 3

session.gc_probability 1 1

Any help is much appreciated. Thanks.

ORIGINAL

I have tried about 15 different methods, through resaearch and past stack overflow posts, and the result is still the same, I am logged out of the session after 5-10 mins of going inactive

All I want to achieve is to stay logged in for a long time...

.htaccess

<IfModule mod_php7.c>
    #Session timeout
    php_value session.cookie_lifetime "3600000"
    php_value session.gc_maxlifetime "3600000"
</IfModule>

php

ini_set('session.gc_maxlifetime', 3600000);
ini_set('session.cookie_lifetime', 3600000);
session_start();

if(!isset($_SESSION["username"])){
    header("Location: admin-login.php");
    exit(); 
}

if (isset($_SESSION['username']) && (time() - $_SESSION['username'] > 3600000)) {
    // last request was more than 30 minutes ago
    session_unset();     // unset $_SESSION variable for the run-time 
    session_destroy();   // destroy session data in storage
}
$_SESSION['username'] = time(); // update last activity time stamp
1
php.htaccesssession
Could you expand on "I am logged out of the session after 5-10 mins"? This is a rather broad statement and you sound unsure about your own observations.Dharman
@Dharman I want to stay logged in for long period ...hence why I have set the time..... but I am logged out after 5 mins of going inactiveGeorge Richardson
Then comment it out and wait 10 minutes.Dharman
Then it is not because of your code. Check what settings are maintained for your PHP with phpinfo(). Look for a setting which could mean 10 minutes(e.g. 600 seconds). We can't guess from our side what is happening to your sessions.Dharman
"Note: If different scripts have different values of session.gc_maxlifetime but share the same place for storing the session data then the script with the minimum value will be cleaning the data. In this case, use this directive together with session.save_path." gc_maxlifetime See also: gc_probability and gc_divisorQuasimodo's clone

1 Answers

1
votes

ini_set('session.gc_maxlifetime', 3600000); sets the lifetime of session files for the currently running script only. If other scripts are startet, the have their own (default) setting. A session file is removed when its lifetime has expired and the garbage collection is invoked.

Note: If different scripts have different values of session.gc_maxlifetime but share the same place for storing the session data then the script with the minimum value will be cleaning the data. In this case, use this directive together with session.save_path.

http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime

This means that each script accessing the session folder, even foreign sites depending on shared hosting configuration, can have its own lifetime setting and therefore delete session files in the configured folder. Thus you should also set the session.save_path to a writeble folder under your control. All scripts accessing a session within that save path need to be configured with the intended settings. See also the PHP function session_save_path.

Further more the session garbage collection does not run on every script start by default. You can configue this by session.gc_probability and session.gc_divisor. Set both, probability and divisor, to 1.

Note that passing an integer value to ini_set results into a fatal error. It should be a string value: ini_set('session.gc_maxlifetime', '3600000');.