[Pmwiki-users] PHP Sessions / Cookies / Authentication / Cache

Patrick R. Michaud pmichaud
Fri Jun 25 07:21:54 CDT 2004


On Fri, Jun 25, 2004 at 03:14:31PM -0700, Steven Leite wrote:
> 
>    I  found  an  interesting  article  at  PHP Freaks.com.  If any of the
>    topics  in  the subject of this message interest you, then it might be
>    worth checking out.  Here's a snippet of the Intro:

There's another problem with PHP sessions, in that the session data
is automatically expired after 24 minutes.  This means that if someone
doesn't interact with the site at least once every 24 minutes, then their
session data can be lost.

While this may be okay for most sites; it's bad on a wiki where someone
could easily spend more than 24 minutes (1440 seconds) editing a page.  
By the time they click "Save", their session could've been wiped out
by PHP (and yes, this has happened to people running sessionauth.php).

PHP does have a "session.gc_maxlifetime" variable, but I haven't been to
get it to reliably increase the amount of time a session is allowed to live.
I suspect that if other PHP scripts are running on the same server that
don't change session.gc_maxlifetime, then those scripts may clean up
sessions older than the default of 1440 seconds.  The solution may be
to change the directory where session data is stored, but that introduces
its own set of headaches...

Pm




More information about the pmwiki-users mailing list