Request #10677 Session lifetimes beyond browse on per session basis
Submitted: 2001-05-04 16:39 UTC Modified: 2010-11-24 13:37 UTC
Votes:2
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: andrew at blackecho dot ca Assigned:
Status: Wont fix Package: Session related
PHP Version: 4.0.4pl1 OS: Linux (RH6)
Private report: No CVE-ID: None

 [2001-05-04 16:39 UTC] andrew at blackecho dot ca
Something that's been requested in the annotated manuals but I don't see an actual feature request.

The problem is that while there is a session.gc_maxlifetime option in the ini file for dealing with the lifetime of session data, there is no way to set this on a per session level.

Eg. I have a login class that uses sessions to maintain data. It works fine so long as I don't want my login sessions to outlast the browser. Once I decided I wanted that to at least be an option of my class (set through a method) I had to perform a work-around of the session.cookie_lifetime INI file settings (since the session_set_cookie_params() call doesn't seem to work properly, or at least the way I wanted it to). 

At any rate, I managed to get around this problem and everything was working fine, but every so often (seemingly without rhyme or reason) when I returned to my example page the login class would come to a screaming halt and die(). After debugging for quite some time, I determined that it was because although I had managed to extend the life of the session id (through another cookie of my own and some funky hand-waving logic) the session DATA had expired after 1440 seconds, or 24 minutes. I got this number from the INI file as it was the value set for session.gc_maxlifetime.

Unfortunately, there is no way to extend this lifetime value through PHP; only via the ini file. This is not a viable solution however, when you run multiple virtual hosts on your server with the same PHP (as I do) and some of them have different login requirements (some more secure than others; some want the login to expire with the browser, others want it to last a week, etc.)

So my feature request is for a session_set_data_lifetime() function (and probably a get() equivalent for completeness). I'd also like it if the session_set_cookie_params() function actually worked like I think it should (and not, as it says cryptically, 'only for the duration of the script')

Thank you.

History

 [2010-11-24 13:37 UTC] jani@php.net
-Status: Open +Status: Wont fix -Package: Feature/Change Request +Package: Session related
 [2010-11-24 13:37 UTC] jani@php.net
Use your own session handler for such. If using file-based sessions in a multi-host env, you need to have a separate session.save_path for each host and set session.gc_maxlifetime properly in each vhost. A better solution is still the custom handler. See session_set_save_handler() for more info.
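
One way to build the custom handler suggested in the last comment, as an added example that is not code from the report or from the PHP project: each session file stores its own expiry and lifetime, so session.gc_maxlifetime no longer decides when the data dies. It assumes PHP 8.0 or later; the class name, setLifetime() and the storage directory are hypothetical.

```php
<?php
// Added example (PHP 8.0+); class name, setLifetime() and the directory are hypothetical.
final class PerSessionLifetimeHandler implements SessionHandlerInterface
{
    public function __construct(private string $dir, private int $ttl = 1440) {}
    // Call after session_start() to give the current session its own lifetime.
    public function setLifetime(int $seconds): void { $this->ttl = $seconds; }
    // The id comes from the client's cookie; hashing it keeps any value inside $dir.
    private function path(string $id): string { return $this->dir . '/sess_' . hash('sha256', $id); }

    public function open(string $path, string $name): bool { return is_dir($this->dir) || mkdir($this->dir, 0700, true); }
    public function close(): bool { return true; }
    public function destroy(string $id): bool { @unlink($this->path($id)); return true; }

    public function read(string $id): string|false
    {
        $raw = @file_get_contents($this->path($id));
        if ($raw === false) { return ''; }
        [$header, $data] = explode("\n", $raw, 2) + [1 => ''];
        [$expires, $ttl] = array_map('intval', explode(' ', $header) + [0, 0]);
        if ($expires <= time()) {   // enforce expiry on every read, not only when gc() runs
            $this->destroy($id);
            return '';
        }
        $this->ttl = $ttl;          // keep the lifetime chosen on an earlier request
        return $data;
    }

    public function write(string $id, string $data): bool
    {
        $header = (time() + $this->ttl) . ' ' . $this->ttl . "\n";   // sliding expiry
        return file_put_contents($this->path($id), $header . $data, LOCK_EX) !== false;
    }

    public function gc(int $max_lifetime): int|false   // ignores the global gc_maxlifetime
    {
        $n = 0;
        foreach (glob($this->dir . '/sess_*') ?: [] as $f) {
            $expires = (int) strtok((string) @file_get_contents($f, false, null, 0, 32), ' ');
            if ($expires <= time() && @unlink($f)) { $n++; }
        }
        return $n;
    }
}

// Placeholder path: use one private directory per vhost.
$handler = new PerSessionLifetimeHandler('/var/lib/example-app/sessions');
session_set_save_handler($handler, true);
session_start();
$handler->setLifetime(7 * 24 * 3600);   // this login lasts a week
```

Unlike the built-in files handler, this handler does not hold a lock on the session file for the duration of the request. The session cookie's own lifetime still has to be set with session_set_cookie_params() before session_start().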
 
Last updated: Wed Dec 02 04:01:24 2020 UTC