SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Addict miggl's Avatar
    Join Date
    Feb 2007
    Location
    Los Angeles, CA
    Posts
    286
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question PHP Session timeout issue running on Windows 2000 Server (IIS 5.x)

    Hi all,

    I have had an ongoing issue with my PHP sessions not being refreshed everytime the user accesses a page, but only when the user actually logs in.

    During login user-information gets written to the session. The user can be using the site continuously, but after the set timeout period the user gets prompted to log in again.

    How do I set up Window's IIS or the PHP config file to refresh the session everything the user interacts with the site?

    Thanks guys! This would really help out alot!
    Mike
    Celebrate Liberty, Freedom, and Rights at The Constitutionalist.

  2. #2
    SitePoint Enthusiast
    Join Date
    Feb 2005
    Posts
    62
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm not sure exactly how, but it should be possible to set the time/length of duration in the session cookie.

    So you have sessions working on a IIS system? How did you manage that?
    I have been posting for over a week trying to solve the exact problem of using sessions on an IIS system with no luck.

    I can write the session, I can actually see it being written, but I can't access the session data, and yes I am using session_start() at the top of each page.

    Did you set your permissions a certain way? or is there a special path for the session.save_path in the php.ini? I really would appreciate some help with this.
    people in glass houses shouldn't walk around naked

  3. #3
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Hi miggl

    If you don't want to set the session time at the beginning of each page then it is best to edit the session time in the php.ini however if you want to set the session time try like this:
    PHP Code:
      //sets cookie to 3600 seconds or 60 minutes 
    session_set_cookie_params(3600); 
    session_start(); 
    ServerStorm
    ictus==""

  4. #4
    SitePoint Addict Skookum's Avatar
    Join Date
    Sep 2006
    Location
    Idaho
    Posts
    375
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am running IIS on a 2k3 server with sessions and I haven't had any problems.

    I'm running PHP 5.1.5

    Here is the Session info from phpinfo
    session
    Session Support enabled
    Registered save handlers files user
    Registered serializer handlers php php_binary wddx

    Directive Local Value Master Value
    session.auto_start Off Off
    session.bug_compat_42 Off Off
    session.bug_compat_warn On On
    session.cache_expire 180 180
    session.cache_limiter nocache nocache
    session.cookie_domain no value no value
    session.cookie_lifetime 0 0
    session.cookie_path / /
    session.cookie_secure Off Off
    session.entropy_file no value no value
    session.entropy_length 0 0
    session.gc_divisor 1000 1000
    session.gc_maxlifetime 1440 1440
    session.gc_probability 1 1
    session.hash_bits_per_character 5 5
    session.hash_function 0 0
    session.name PHPSESSID PHPSESSID
    session.referer_check no value no value
    session.save_handler files files
    session.save_path no value no value
    session.serialize_handler php php
    session.use_cookies On On
    session.use_only_cookies Off Off
    session.use_trans_sid 0 0
    I am still playing with the session.use_only_cookies as I don't want to block anyone that doesn't have cookies enabled, but by turning that off I have noticed that about 20% of the time it is putting the session_id in the URL when cookies are enabled. So I need to play with that.

    I hope this helps someone.
    Paranoia is no longer a mental illness it is a way of life - Me

  5. #5
    SitePoint Addict miggl's Avatar
    Join Date
    Feb 2007
    Location
    Los Angeles, CA
    Posts
    286
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    [QUOTE=ServerStorm;3310141]set the session time at the beginning of each page[/PHP]
    Is this common practice / a known work-around with IIS and PHP? In ASP (.NET or classic) the session is 'auto-renewed' after every page access. And the same goes for PHP running on Apache.

    Thanks!
    Celebrate Liberty, Freedom, and Rights at The Constitutionalist.

  6. #6
    SitePoint Addict miggl's Avatar
    Join Date
    Feb 2007
    Location
    Los Angeles, CA
    Posts
    286
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Here's my session summary derived from phpinfo(), looks nearly identical to me. Running on Windows XP (localhost) and Windows 2000 (server), php 5.14:
    session
    Session Support enabled
    Registered save handlers files user
    Registered serializer handlers php php_binary wddx

    Directive Local Value Master Value
    session.auto_start Off Off
    session.bug_compat_42 Off Off
    session.bug_compat_warn On On
    session.cache_expire 180 180
    session.cache_limiter nocache nocache
    session.cookie_domain no value no value
    session.cookie_lifetime 1200 1200
    session.cookie_path / /
    session.cookie_secure Off Off
    session.entropy_file no value no value
    session.entropy_length 0 0
    session.gc_divisor 1000 1000
    session.gc_maxlifetime 1440 1440
    session.gc_probability 1 1
    session.hash_bits_per_character 5 5
    session.hash_function 0 0
    session.name PHPSESSID PHPSESSID
    session.referer_check no value no value
    session.save_handler files files
    session.save_path no value no value
    session.serialize_handler php php
    session.use_cookies On On
    session.use_only_cookies Off Off
    session.use_trans_sid 0 0
    Celebrate Liberty, Freedom, and Rights at The Constitutionalist.

  7. #7
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Hi miggl

    It is more common to set how sessions behave in the PHP.ini. Doing on each page allows you to over-write the default php.ini settings for a given page, so depending on what you are doing this may or may not be helpful.

    ServerStorm
    ictus==""

  8. #8
    SitePoint Addict miggl's Avatar
    Join Date
    Feb 2007
    Location
    Los Angeles, CA
    Posts
    286
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ServerStorm View Post
    Hi miggl

    It is more common to set how sessions behave in the PHP.ini. Doing on each page allows you to over-write the default php.ini settings for a given page, so depending on what you are doing this may or may not be helpful.

    ServerStorm
    What are the correct settings for php.ini so that the session auto-renews itself when a page is accessed by the user? My current settings are:
    Code:
    [Session]
    ; Handler used to store/retrieve data.
    session.save_handler = files
    
    ; Argument passed to save_handler.  In the case of files, this is the path
    ; where data files are stored. Note: Windows users have to change this
    ; variable in order to use PHP's session functions.
    ;
    ; As of PHP 4.0.1, you can define the path as:
    ;
    ;     session.save_path = "N;/path"
    ;
    ; where N is an integer.  Instead of storing all the session files in
    ; /path, what this will do is use subdirectories N-levels deep, and
    ; store the session data in those directories.  This is useful if you
    ; or your OS have problems with lots of files in one directory, and is
    ; a more efficient layout for servers that handle lots of sessions.
    ;
    ; NOTE 1: PHP will not create this directory structure automatically.
    ;         You can use the script in the ext/session dir for that purpose.
    ; NOTE 2: See the section on garbage collection below if you choose to
    ;         use subdirectories for session storage
    ;
    ; The file storage module creates files using mode 600 by default.
    ; You can change that by using
    ;
    ;     session.save_path = "N;MODE;/path"
    ;
    ; where MODE is the octal representation of the mode. Note that this
    ; does not overwrite the process's umask.
    ;session.save_path = "/tmp"
    
    ; Whether to use cookies.
    session.use_cookies = 1
    
    ; This option enables administrators to make their users invulnerable to
    ; attacks which involve passing session ids in URLs; defaults to 0.
    ; session.use_only_cookies = 1
    
    ; Name of the session (used as cookie name).
    session.name = PHPSESSID
    
    ; Initialize session on request startup.
    session.auto_start = 0
    
    ; Lifetime in seconds of cookie or, if 0, until browser is restarted.
    session.cookie_lifetime = 1200
    
    ; The path for which the cookie is valid.
    session.cookie_path = /
    
    ; The domain for which the cookie is valid.
    session.cookie_domain =
    
    ; Handler used to serialize data.  php is the standard serializer of PHP.
    session.serialize_handler = php
    
    ; Define the probability that the 'garbage collection' process is started
    ; on every session initialization.
    ; The probability is calculated by using gc_probability/gc_divisor,
    ; e.g. 1/100 means there is a 1% chance that the GC process starts
    ; on each request.
    
    session.gc_probability = 1
    session.gc_divisor     = 1000
    
    ; After this number of seconds, stored data will be seen as 'garbage' and
    ; cleaned up by the garbage collection process.
    session.gc_maxlifetime = 1440
    
    ; NOTE: If you are using the subdirectory option for storing session files
    ;       (see session.save_path above), then garbage collection does *not*
    ;       happen automatically.  You will need to do your own garbage
    ;       collection through a shell script, cron entry, or some other method.
    ;       For example, the following script would is the equivalent of
    ;       setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
    ;          cd /path/to/sessions; find -cmin +24 | xargs rm
    
    ; PHP 4.2 and less have an undocumented feature/bug that allows you to
    ; to initialize a session variable in the global scope, albeit register_globals
    ; is disabled.  PHP 4.3 and later will warn you, if this feature is used.
    ; You can disable the feature and the warning separately. At this time,
    ; the warning is only displayed, if bug_compat_42 is enabled.
    
    session.bug_compat_42 = 0
    session.bug_compat_warn = 1
    
    ; Check HTTP Referer to invalidate externally stored URLs containing ids.
    ; HTTP_REFERER has to contain this substring for the session to be
    ; considered as valid.
    session.referer_check =
    
    ; How many bytes to read from the file.
    session.entropy_length = 0
    
    ; Specified here to create the session id.
    session.entropy_file =
    
    ;session.entropy_length = 16
    
    ;session.entropy_file = /dev/urandom
    
    ; Set to {nocache,private,public,} to determine HTTP caching aspects
    ; or leave this empty to avoid sending anti-caching headers.
    session.cache_limiter = nocache
    
    ; Document expires after n minutes.
    session.cache_expire = 180
    
    ; trans sid support is disabled by default.
    ; Use of trans sid may risk your users security.
    ; Use this option with caution.
    ; - User may send URL contains active session ID
    ;   to other person via. email/irc/etc.
    ; - URL that contains active session ID may be stored
    ;   in publically accessible computer.
    ; - User may access your site with the same session ID
    ;   always using URL stored in browser's history or bookmarks.
    session.use_trans_sid = 0
    
    ; Select a hash function
    ; 0: MD5   (128 bits)
    ; 1: SHA-1 (160 bits)
    session.hash_function = 0
    
    ; Define how many bits are stored in each character when converting
    ; the binary hash data to something readable.
    ;
    ; 4 bits: 0-9, a-f
    ; 5 bits: 0-9, a-v
    ; 6 bits: 0-9, a-z, A-Z, "-", ","
    session.hash_bits_per_character = 5
    
    ; The URL rewriter will look for URLs in a defined set of HTML tags.
    ; form/fieldset are special; if you include them here, the rewriter will
    ; add a hidden <input> field with the info which is otherwise appended
    ; to URLs.  If you want XHTML conformity, remove the form entry.
    ; Note that all valid entries require a "=", even if no value follows.
    url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
    Celebrate Liberty, Freedom, and Rights at The Constitutionalist.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •