[Pmwiki-users] PHP Sessions / Cookies / Authentication / Cache

Steven Leite steven_leite
Fri Jun 25 10:05:59 CDT 2004


According to the PHP documentation, the session.gc_maxlifetime variable
which is set in the php.ini file can actually be set via a .php script
using the ini_set( ) function.

Like so:  ini_set(session.gc_maxlifetime, 2880);

Which would set it to 48 minutes instead of the default of 24 minutes
(1440).

I don't have a production environment to actually test this on.

For more information, check the PHP documentation Function Index, and
look for ini_set( )

Now a question.  If I want to create a cookbook recipe that uses
session, I don't want to declare the session_start( ) function twice.
It would be nice if the session_start( ) function was in the core of
pmwiki (whether it's actually used or not), this would take a bit of the
guesswork out of writing add-on's.

I was experimenting with session( ) today, and I got a simple add-on
module to basically just output the session_id.  I'm working on some
more complex examples and I hope to work sessions into some of my
existing modules.  Again, it migh be a bit tricky depending on whether
someone has PmWiki's optional sesson_auth.php enabled or not.

If there's some performance issue with having in the core, then maybe we
could at least have it in the core as an option, like
$EnablePHPSessions = 1;

Sessions are used for a lot more than just authorization schemes.

Comments on the Article

I read in the article that session don't use cookies, and how great that
is because 30% of browsers don't use cookies, and the number is
increasing because people don't want information stored on their
computers, etc etc etc.  But when I read the PHP manual, it seems to be
that using sessions does in fact rely on cookies.  Does anybody know
better?  I'm not really an expert with php or cookies, so I'm a bit
confused by the apparently conflicting facts.

Regards,

-Steven


On Friday, June 25, 2004 6:21 AM [GMT+1=CET],
Patrick R. Michaud <pmichaud at pobox.com> wrote:

> On Fri, Jun 25, 2004 at 03:14:31PM -0700, Steven Leite wrote:
>>
>>    I  found  an  interesting  article  at  PHP Freaks.com.  If any
>>    of the topics  in  the subject of this message interest you, then
>>    it might be worth checking out.  Here's a snippet of the Intro:
>
> There's another problem with PHP sessions, in that the session data
> is automatically expired after 24 minutes.  This means that if someone
> doesn't interact with the site at least once every 24 minutes, then
> their session data can be lost.
>
> While this may be okay for most sites; it's bad on a wiki where
> someone could easily spend more than 24 minutes (1440 seconds)
> editing a page.
> By the time they click "Save", their session could've been wiped out
> by PHP (and yes, this has happened to people running sessionauth.php).
>
> PHP does have a "session.gc_maxlifetime" variable, but I haven't been
> to get it to reliably increase the amount of time a session is
> allowed to live. I suspect that if other PHP scripts are running on
> the same server that don't change session.gc_maxlifetime, then those
> scripts may clean up sessions older than the default of 1440 seconds.
> The solution may be
> to change the directory where session data is stored, but that
> introduces its own set of headaches...
>
> Pm




More information about the pmwiki-users mailing list