I have a project in which all forms send a token, this token is saved in the session and the two are compared when the form is handled to make sure they match.
Everything is working well except that after 60 minutes, the session token gets reset.
I have tried to change the session duration through session.gc_maxlifetime
but this didn’t work, and I do generally prefer that the session remain 1 hour.
At the moment I have an ajax request that is targeted towards a file that is used just for session refreshing, this ajax request runs every 45 minutes.
The purpose is to refresh the session every 45 minutes so that it does not expire after 60 minutes, but it is expiring anyway, so something is not working.
I think my issue is the session codes I have set up, but I cant figure out the actual issue, here is the code i use at the beginning of every page, which is also in the session refresh page:
session_refresh.php
//Start the session if not started already
if (session_status() == PHP_SESSION_NONE) {
session_start();
session_regenerate_id();
}
//Set a session start time
if (!isset($_SESSION['session_start_time'])) {
$_SESSION['session_start_time'] = date('d-m-y, H:i:s');
}
//Create a session token
if (!isset($_SESSION['token']) || empty($_SESSION['token'])) {
$_SESSION['token'] = bin2hex(random_bytes(32));
}
Here is the JS code I use, I have tested this and it does return the session when tested, but after 60 minutes, the token is different:
$(function(){
setInterval(function(){
$.get("session_refresh.php", function(data){
// console.log(data);
});
}, 2700000);
});
});