Menu
I am working on a site for a small (read: <50 users) nonprofit organization that I work with and my PHP knowledge is fairly limited. Currently I have a login script that I found from a tutorial online. The problem I am running into is that each user is logged out after about an hour or so.
Security really isn't an issue with the content and ideally I would like for someone to stayed logged in for multiple days or weeks. However, any search on Google about sessions length nets me people looking to shorten the logout timer.
As far as code goes, once the login page compares username and password to the database and follows with:
session_register("myusername");
session_register("mypassword");
header("location:index.php")
And on each protected page it starts with:
session_start();
if(!session_is_registered(myusername)){
header("location:login.html:);
}
924
Edit your .htaccess and put something like:
php_value session.gc_maxlifetime 2000
2000 is in seconds. Set accordingly! This will tell the session garbage collector not to destroy the session for 2000 seconds. Also, session_register is deprecated.
189
If you are using PHP's default cookie based session management (which I believe you are, since you did not mention anything about changing how default session works) you can use:
session_set_cookie_params(7200); // in seconds...session will last for 2 hours now
session_start(); //once session cookie parameter is set, start the session..
session.gc* group of ini values are also used for this purpose, but remember that gc only recommends when the session should be garbage collected, and does not really mean it will happen then.
You can read about cookie params here and garbage collection here
26
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
