The control of session time

<?php
session_start();
if ( isset($_SESSION['mySession']) ) {
    echo 'mySession is already set and its value is ' .$_SESSION['mySession'];
} else {
    $_SESSION['mySession']=1;
    echo 'mySession is not set.';
}

I have the code above in a.php.
If I open the page for the first time, it will produce the result below.

After I open the page, whenever I open the page, it will produce the result below.

I would like to make it like the following.
After I open the page for the first time,
if I open the page within 5 seconds, it produces the following.

If I open the page after 5 seconds, it produces the following.

The code below is for my target result.
But it does not seem to work as I expected.

<?php
session_start();
ini_Set('session.gc_maxlifetime', '5');

if ( isset($_SESSION['mySession']) ) {
    echo 'mySession is already set and its value is ' .$_SESSION['mySession'];
} else {
    $_SESSION['mySession']=1;
    echo 'mySession is not set.';
}

What did I misunderstand about ini_set?
Or how can I make the session max time 5 seconds?

ini_Set('session.gc_maxlifetime', '5');

gc stands for Garbage Collection. By setting the maxlifetime to 5 seconds, that just means that the session can be deleted after 5 seconds if the garbage collector wants to. There’s more info here: https://www.dev-metal.com/how-the-php-session-garbage-collector-really-works/

Also on that page is a link to a Stack Overflow question which provides the answer you’re looking for. In short you can use session_set_cookie_params() to set the life of the session cookie but a more reliable method is to store the time the session was started in the session itself, then check that each time.

What is the real problem you’re trying to solve here?

I made pages keep login by a session.
session.gc_maxlifetime of my apache server is 86400.
But it becomes logout before 86400 seconds.
The logout happens more frequently with mobile browsers than with desktop browsers.
I like to test it for precision keep login-time.

Are you keeping track of the user’s IP in the session? Mobiles have the tendency to switch IPs a lot, whereas desktops usually have the same IP for a longer period of time.

Generally PHP will not close sessions earlier than the session.gc_maxlifetime, but it may be closed later.

No, I just set it with the code below. How can I keep track of the user’s IP in the session?

$_SESSION['mySession']=$userID; 

I can get the user’s IP with $_SERVER["REMOTE_ADDR"].
How can I make the session alive for 86400, which is the session.gc_maxlifetime of my server?

Do you mean that the session should be alive for 86400 and it should be close after 86400?

I’m not saying you should do that, I was just wondering if maybe that was the problem. If you’re not doing it then it’s not the problem :)

Yes, that’s exactly what I mean

Can you define when the session stops too early in a set of clearly defined steps?

Like

1. User logs in
2. User does ...
...
X. User is logged out but should not be

Today I did check the session by two times of taking a walk in the afternoon with my mobile phone
The following is the report of the checking with iPhone Safari.

sessionID       date and time        connection             comment                                                        
4               06-02 23:58          wifi                 new Session at home
4               06-02 23:59                               the old session at home       
4               06-03 08:23          
4               06-03 08:53    
11              06-03 14:50          LTE                  new Session in the street
11                                                        old Session alive in the street
11
:
11
11              06-03 14:46          LTE                   old Session in the street
12              06-03 16:46          LTE                   new Session in the street  
12              06-03 16:59          LTE                   old Session in the street   
:
12              06-03 17:09          LTE                   old Session in the street
11              06-03 17:22          wifi                  old Session at home and sessionID is 11 again!!!
11              06-03 17:09          wifi                  old Session at home
11              06-03  18:32         wifi                  old Session in the street away from my home about 20M 
11              06-03  18:35         ??                    old Session in the street away from my home about 100M 
13              06-03  19:05         LTE                   new Session in the street
13              06-03  19:06         LTE                   old Session in the street 
:
13              06-03  19:22        LTE                    old Session in the street
14              06-03  19:33        wifi                   new Session at home
14              06-03  20:02        wifi                   old Session at home

Do you keep the browser/tab open the whole time?

I don’t understand the above clearly.
But I will explain about what I did.

The webPage is opened at 06-02 23:58 yesterday by the browser safari of my phone…
The browser is never closed.

The omitted SessionIDs, 1, 3, 5, 6, 7, 8, 9, are used by my desktop browsers for testing.
They were Chrome, Firefox, Opera, and Safari.

When I was out, I sometimes did internet surfing with another Safari browser. But I never used the browser which has the mySession test for surfing.


What I want is keeping login status for 1 day(86400 secs).

In order to do that, I think session or cookie should be alive for 1 day.

Because a session or a cookie is alive for 1 day when users use desktop browser.

But I found a session or a cookie is not alive when users use mobile phone.

Is it impossible to keep login status for 1 day when users use a mobile phone in PHP?

What is the value of the session.cookie_lifetime ini setting?

Also it sounds like there is something else at play here; out of the box PHP doesn’t know or care whether a page is visited via desktop or mobile.

I agree with rpkamp - I think the cookie lifetime is the issue here. You can set that using session_set_cookie_params.

The default is ‘0’, which means the session will last until the browser is closed. I haven’t tested this but I suspect if you’re using a phone, even though you haven’t explicitly closed the browser or the tab, unless you’re actively using it it can be closed in the background if you switch to another app or the phone is asleep.

In any case I think it’s always a good idea to set the session cookie lifetime so try setting it to 1 day and run your tests again.

I set myCookie like the above.
But it also often becomes logged out with the mobile phone in the street.

I guess my Apache server might have other restrictions by the IP change.

Why are you sending custom session cookies? When you call session_start() PHP will send one for you. This is not something you should do yourself.

Apache has nothing to do with it.

Do you mean the code below which I used in my project?

 session_id() 

No, I really do mean session_start.

You should probably read up on how PHP handles session before you take this any further: https://www.php.net/manual/en/session.examples.basic.php

The most important thing is: call session_start and let PHP handle sessions, do not write manual session logic with setcookie!
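
The approach suggested in the replies above (give the session cookie a lifetime with session_set_cookie_params() and store the time the session was started in the session itself, checking it on every request), as an added example that is not code from any poster in this thread. SESSION_TTL, session_is_expired() and the started_at key are names assumed here; the array form of session_set_cookie_params() needs PHP 7.3 or later, and 'secure' => true assumes the site is served over HTTPS.

```php
<?php
// Added example, not code from the thread. SESSION_TTL, session_is_expired()
// and the 'started_at' key are names assumed here for illustration.
const SESSION_TTL = 86400; // 1 day; set to 5 to reproduce the 5-second test

/** True when a session that began at $startedAt has outlived $ttl seconds. */
function session_is_expired(?int $startedAt, int $now, int $ttl = SESSION_TTL): bool
{
    // A session with no recorded start time is treated as expired.
    return $startedAt === null || ($now - $startedAt) >= $ttl;
}

// Session settings must be applied BEFORE session_start().
// gc_maxlifetime only marks data as eligible for garbage collection;
// it does not end the session at that exact moment.
ini_set('session.gc_maxlifetime', (string) SESSION_TTL);
session_set_cookie_params([
    'lifetime' => SESSION_TTL, // default 0: cookie is dropped when the browser closes
    'path'     => '/',
    'secure'   => true,        // assumption: HTTPS; use false for plain-HTTP local tests
    'httponly' => true,        // keep the session ID out of reach of page scripts
    'samesite' => 'Lax',
]);
session_start();

$now        = time();
$startedAt  = $_SESSION['started_at'] ?? null;

if (session_is_expired($startedAt, $now)) {
    // Brand-new or expired session: drop old data and issue a fresh ID
    // so the expired ID cannot be reused.
    $_SESSION = [];
    session_regenerate_id(true);
    $_SESSION['started_at'] = $now;
    $_SESSION['mySession']  = 1;
    echo $startedAt === null
        ? 'mySession is not set.'
        : 'mySession expired and was reset.';
} else {
    echo 'mySession is already set and its value is ' . $_SESSION['mySession'];
}
```

The timestamp check is what enforces the limit: the cookie lifetime only tells the browser how long to keep the session ID, and the garbage collector may remove the server-side data later than gc_maxlifetime.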
