php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #40275 FREQ: Ability to access sessions without increasing their lifetime
Submitted: 2007-01-29 17:49 UTC Modified: 2021-07-07 11:34 UTC
From: graced at monroe dot wednet dot edu Assigned: cmb (profile)
Status: Closed Package: Session related
PHP Version: 5.2.0 OS: Irrelevant
Private report: No CVE-ID: None
 [2007-01-29 17:49 UTC] graced at monroe dot wednet dot edu
Description:
------------
It's not readily apparent whether there is any way to do this with PHP's built-in session handler, so I figured I would write a request:

It would be nice to have a way to access a session (ala session_start()) in such a way where the lifetime of that session is not extended.

The intended application is for a PHP script that responds to polling (through Javascript) every ~5 minutes to report any new events.  For example, Javascript code might poll the server periodically to see if the user has any new messages on a forum.

Using session_start() in this situation is not neccessarily ideal as it would keep the user perpetually logged in until their webbrowser was closed.  The idea is that interactive actions (a user clicking on a link to another page on the site or submitting a form) should continue to increase the lifetime of a session, but noninteractive ones should not.  However, they should still be able to access (and potentially modify) session variables.

Additionally, with this feature an additional function (session_lifetime_remaining?) which returns the number of seconds until a session expires would be ideal -- allowing a user to be warned of impending logout due to inactivity.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-12-30 23:56 UTC] cmb@php.net
-Package: Feature/Change Request +Package: Session related
 [2021-07-07 11:34 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2021-07-07 11:34 UTC] cmb@php.net
The session timestamp is supposed to be updated on write, not on
read.  So calling session_start() doesn't extend the lifespan of
the session, but rather the implicit session_write_close() at the
end of the script.  You can avoid that by calling session_abort().

> Additionally, with this feature an additional function
> (session_lifetime_remaining?) which returns the number of seconds
> until a session expires would be ideal

It wouldn't be possible to give the exact value, since that
depends on when the GC will actually be triggered.  But anyhow,
you could use a custom session handler to implement this.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 12:01:27 2024 UTC