
What keeps a php session alive?

Tags:

php

session

Are sessions only kept alive each time you access a page with session_start(); or do other pages keep it alive too?

Example (with 30 minute timeout):

1

user accesses page with session_start();
25 mins later they access another session_start(); page
session stays alive

2

user accesses page with session_start();
25 mins later they access a non-session_start(); page
session stays alive

Is 2 also true?

Shaun asked Apr 07 '14 05:04



2 Answers

There is always a session cookie set in your browser whenever you access a page which has session_start(). The cookie name will be PHPSESSID if the website is using PHP (although the name can be changed). This session cookie contains a session id which helps the browser to maintain that session with the server.

You can check manually by browsing any website which has your session and then deleting your browser cookies; your session will be lost.

In your case both 1 & 2 are correct.

2 is correct because the user has already accessed a page which has session_start(), and your session id will be set for the next 30 mins; it will be present even if you access a page which does not have a session.

NOTE: But if the page you visit contains session_destroy(), your session will be destroyed.

Abhinav answered Sep 19 '22 22:09


Calling session_start() merely gives your code access to the session.

What keeps the session alive is your browser sending the session id (stored in a cookie) to the server, whether you use it or not.

Answer: They are both true.

Fabien Warniez answered Sep 22 '22 22:09
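When the 30 minute limit is enforced by the application rather than left to cookie or garbage-collection settings, the two scenarios from the question can be replayed against an explicit last-activity timestamp. This is an added example, not code from the question or either answer; `IDLE_LIMIT`, `touch_session()`, `replay()` and the `last_activity` key are names assumed for the illustration, and the request timelines are constructed.

```php
<?php
// Explicit idle timeout kept inside the session data itself.
const IDLE_LIMIT = 30 * 60; // 30 minutes, as in the question

/**
 * Call right after session_start(), passing $_SESSION and time().
 * Returns false if the session idled out (and clears the data);
 * otherwise refreshes the activity timestamp and returns true.
 */
function touch_session(array &$session, int $now): bool
{
    if (isset($session['last_activity'])
        && $now - $session['last_activity'] > IDLE_LIMIT) {
        $session = []; // stale: a real page would also call session_destroy()
        return false;
    }
    $session['last_activity'] = $now;
    return true;
}

// Replays a constructed list of [seconds, page calls session_start()?].
// Pages without session_start() never reach touch_session().
function replay(array $requests): array
{
    $session = [];
    $results = [];
    foreach ($requests as [$t, $usesSession]) {
        if (!$usesSession) {
            $results[] = 't=' . ($t / 60) . 'min: no session_start(), timestamp untouched';
            continue;
        }
        $ok = touch_session($session, $t);
        $results[] = 't=' . ($t / 60) . 'min: ' . ($ok ? 'alive, refreshed' : 'expired');
    }
    return $results;
}

// Scenario 1: every request hits a page that calls session_start().
print_r(replay([[0, true], [25 * 60, true], [50 * 60, true]]));

// Scenario 2: the 25 minute request hits a page without session_start(),
// so the 50 minute request is measured against the timestamp from t=0.
print_r(replay([[0, true], [25 * 60, false], [50 * 60, true]]));
```

With this check in place, only requests that run `session_start()` followed by `touch_session($_SESSION, time())` reset the idle clock.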