Geek Answers Handbook

Need help keeping your PHP login session longer

I am working on a site for a small (reading: <50 users) non-profit organization that I work with, and my knowledge of PHP is quite limited. Currently, I have a login script that I found from an online tutorial. The problem I am facing is that every user logs out after about an hour or so.

Security is really not a problem with the content, and ideally I would like someone to stay logged in for several days or weeks. However, any google search for session duration connects me with people who want to shorten the logout timer.

As for the code, as soon as the login page compares the username and password with the database and follows with:

session_register("myusername"); session_register("mypassword"); header("location:index.php")

And on every protected page, it starts with:

 session_start(); if(!session_is_registered(myusername)){ header("location:login.html:); }
+8
php login session duration
source share
3 answers

Change your .htaccess and put something like:

 php_value session.gc_maxlifetime 2000

2000 - seconds. Install accordingly! This will tell the session garbage collector not to destroy the session within 2000 seconds. In addition, session_register is deprecated.

+7
source share

Given your question and the size of your database, I would choose to globally change the settings, rather than trying to set up session variables; It just does what you need and requires very little effort to apply to all users.

You can set the total session lifetime (as indicated in other answers) using the .htaccess file:

 php_value session.gc_maxlifetime 86400 //this is one day in seconds

Or you can also install it in the php.ini file, a fragment of which is:

 ; After this number of seconds, stored data will be seen as 'garbage' and ; cleaned up by the garbage collection process. session.gc_maxlifetime = 86400

Nothing but a clean reference, the values ​​you need to consider for long-term garbage collection:

 86400 = one day 604800 = one week

Read more about garbage collection (gc) here .

+6
source share

If you use default PHP-based cookie-based session management (which I assume to you, since you didn't say anything about changing the default way of working), you can use:

 session_set_cookie_params(7200); // in seconds...session will last for 2 hours now session_start(); //once session cookie parameter is set, start the session..

session.gc* also uses the ini value group, but remember that gc only recommends when the session should be garbage collected, and does not really mean that this will happen.

You can read cookie settings and garbage collection here.

+4
source share

More articles:


All Articles