发表新帖
发表新帖

How to set lifetime of session

后端 未结
关注
6 2093
梦如初夏
梦如初夏 2020-11-27 03:36

How to set session lifetime in PHP? I Want to set it to forever as long as the request is exist. The request is AJAX. My PHP code that handle AJAX request is:
相关标签:
6条回答
  • 情书的邮戳
    2020-11-27 03:52

    Set following php parameters to same value in seconds:

    session.cookie_lifetime
session.gc_maxlifetime

    in php.ini, .htaccess or for example with 

    ini_set('session.cookie_lifetime', 86400);
ini_set('session.gc_maxlifetime', 86400);

    for a day.

    Links:

    http://www.php.net/manual/en/session.configuration.php

    http://www.php.net/manual/en/function.ini-set.php

    0 讨论(0)
  • 悲哀的现实
    2020-11-27 03:54

    Since most sessions are stored in a COOKIE (as per the above comments and solutions) it is important to make sure the COOKIE is flagged as a SECURE one (front C#):

    myHttpOnlyCookie.HttpOnly = true;

    and/or vie php.ini (default TRUE since php 5.3):

    session.cookie_httponly = True
    0 讨论(0)
  • 难免孤独
    2020-11-27 03:59

    Prior to PHP 7, the session_start() function did not directly accept any configuration options. Now you can do it this way

    <?php
// This sends a persistent cookie that lasts a day.
session_start([
    'cookie_lifetime' => 86400,
]);
?>

    Reference: https://php.net/manual/en/function.session-start.php#example-5976

    0 讨论(0)
  • 孤独总比滥情好
    2020-11-27 04:00

    The sessions on PHP works with a Cookie type session, while on server-side the session information is constantly deleted.

    For set the time life in php, you can use the function session_set_cookie_params, before the session_start: 

    session_set_cookie_params(3600,"/");
session_start();

    For ex, 3600 seconds is one hour, for 2 hours 3600*2 = 7200.

    But it is session cookie, the browser can expire it by itself, if you want to save large time sessions (like remember login), you need to save the data in the server and a standard cookie in the client side.

    You can have a Table "Sessions":

    • session_id int
    • session_hash varchar(20)
    • session_data text

    And validating a Cookie, you save the "session id" and the "hash" (for security) on client side, and you can save the session's data on the server side, ex:

    On login:

    setcookie('sessid', $sessionid, 604800);      // One week or seven days
setcookie('sesshash', $sessionhash, 604800);  // One week or seven days
// And save the session data:
saveSessionData($sessionid, $sessionhash, serialize($_SESSION)); // saveSessionData is your function

    If the user return:

    if (isset($_COOKIE['sessid'])) {
    if (valide_session($_COOKIE['sessid'], $_COOKIE['sesshash'])) {
        $_SESSION = unserialize(get_session_data($_COOKIE['sessid']));
    } else {
        // Dont validate the hash, possible session falsification
    }
}

    Obviously, save all session/cookies calls, before sending data.

    0 讨论(0)
  • 花落未央
    2020-11-27 04:08

    Sessions can be configured in your php.ini file or in your .htaccess file. Have a look at the PHP session documentation.

    What you basically want to do is look for the line session.cookie_lifetime in php.ini and make it's value is 0 so that the session cookie is valid until the browser is closed. If you can't edit that file, you could add php_value session.cookie_lifetime 0 to your .htaccess file.

    0 讨论(0)
  • 既然无缘
    2020-11-27 04:16

    As long as the User does not delete their cookies or close their browser, the session should stay in existence.

    0 讨论(0)
 看不清?
提交回复
热议问题