SESSION LIFE( TIME) problem

Question

mrcniceguy 5 Posting Whiz in Training

15 Years Ago

I have a login script,which after a member login successfully session is registered.
The problem is that if user dont use the page for a certain time from 30 minutes. session a getting lost,and member should login again.
So what can i do to lengthen the session time,if its possible even for a Week.
here is my login script.

<?php  session_start();

 $user=$_POST['user'];
 $password=$_POST['password'];
 

//connecting to databases
include"config.php";
 

	   
$query = "SELECT  *FROM login where (user='$user' and password='$password')" ;
$result=mysql_query($query);
if(mysql_num_rows($result) == 1) {

$row=mysql_fetch_array($result);
$id=$row['id'];
$user=$row['user'];
$password=$row['password'];
$email=$row['email'];

$_SESSION['id']=$row['id'];
$_SESSION['user']=$row['user'];
$_SESSION['password']=$row['password'];
$_SESSION['email']=$row['email'];
$_SESSION['name']=$row['name'];
$_SESSION['photo']=$row['photo'];

include "myprofile.php";


}else{
include"wronglogin.php";
 }

?>

any help will be appreciated.

php

5 Contributors
13 Replies
135 Views
3 Months Discussion Span
Latest Post 15 Years Ago Latest Post by somedude3488

somedude3488 228 Nearly a Posting Virtuoso

15 Years Ago

I wouldn't change the session timeout. I don't think its a good idea to keep a session going that long. You might want to look into cookies to solve that problem.

somedude3488 228 Nearly a Posting Virtuoso

15 Years Ago

well, technically sessions are cookies.

session cookies are cleared once you close the browser, so it would loose the session.

if you have some code to check if a cookie is set on the clients computer, you can login using that. i don't prefer this method, but if you implement it correctly you shouldn't have any security problems.

here is some info on cookies: http://www.w3schools.com/PHP/php_cookies.asp
or do a google search.

justted 0 Junior Poster

15 Years Ago

Heya .... just wanted to ask if you are actually sanitising your user input for the login form? Otherwise talk of sessions and cookies is pointless as hackers will just be able to hack your site anyway.

May as well not bother with a login script if you are not stripping and escaping user input. :)

justted 0 Junior Poster

15 Years Ago

I think you will need to change this in the php.ini file if you have access to it?

Its not advised to set any cookie or session for long periods though especially if its for end users. Public computers etc may cause a security breach etc! You can set the default session timeout in the php.ini which is usually set to 1440 ...if the user doesnt browse for this period then the session is ended and a new one made.

Im no expert and still a noob so dont qoute me on this. lol

:)

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

mrcniceguy 5 Posting Whiz in Training · Answer 1 · 2009-03-25T03:38:56+00:00

i dont know how to set cookies,can i use together both the sessions and cookies?????????????

mrcniceguy 5 Posting Whiz in Training · Answer 2 · 2009-03-25T04:24:46+00:00

mrcniceguy 5 Posting Whiz in Training

15 Years Ago

thankx for your idea,i`m working with it.

nathenastle -1 Light Poster · Answer 3 · 2009-03-25T10:47:47+00:00

hi this is nathen,i think you should use cookies for your requirement because in cookies only you set the cut off time,in seesions there is no option to set time i think
just check this link for cookies
http://www.tizag.com/phpT/phpcookies.php

mrcniceguy 5 Posting Whiz in Training · Answer 4 · 2009-03-25T17:24:44+00:00

mrcniceguy 5 Posting Whiz in Training

15 Years Ago

thankx for the link))))))its a nice tutorial.

nathenastle -1 Light Poster · Answer 5 · 2009-03-26T09:58:53+00:00

hi this is nathen,thanks for your replay,i think your problem is solved

BigFormat 0 Light Poster · Answer 6 · 2009-06-18T13:12:17+00:00

I remember to have read somewhere that it's possible to set Sessions'cookie timeout, in order to expire for example after a month instead of on browser closing...
How is it possible?

somedude3488 228 Nearly a Posting Virtuoso · Answer 7 · 2009-06-18T16:07:10+00:00

You can actually change the life of a session cookie using setcookie(). Its not recommended, though.

BigFormat 0 Light Poster · Answer 8 · 2009-06-29T00:14:30+00:00

You can actually change the life of a session cookie using setcookie(). Its not recommended, though.

I've changed life value to 3 days, from my browser I can see the cookie has been updated with the new expire date but if I close the browser and reopen it I've got to login again, even if the cookie is still there and it's valid, any way to come through this?

somedude3488 228 Nearly a Posting Virtuoso · Answer 9 · 2009-06-29T06:26:18+00:00

Check this out:

http://us2.php.net/manual/en/function.session-set-cookie-params.php

Maybe it will help. It is mentioned in the posts that you need to use session_name to change the name of the session before the session_set_cookie_params function will work.