Extending page-specific session duration

Adem · February 20, 2024, 3:04pm

Hello,

Especially on the xxx.php page, since it takes a long time to fill out the form, sending the form fails because the standard session period expires.
Therefore, when the logged-in user visits the xxx.php page, I want to make the session duration specific to the xxx.php page 2 hours.

With the session below, will the server make the session duration for this page 2 hours?

$_SESSION['xxx_page_expiration'] = time() + (2 * 60 * 60);

I added the above code to the top of the xxx.php page

phdr · February 20, 2024, 3:23pm

The session lifetime is determined by - 1) the session.gc_maxlifetime (session garbage collection max lifetime), and 2) the session.cookie_lifetime.

The session.gc_maxlifetime must be set to a longer value, before all session_start() statements, to prevent a session_start() on a different page from deleting the session data files (the shortest value ‘wins’.)

The session.cookie_lifetime is typically a zero, meaning the the session cookie will be deleted when all instances of the browser are closed.

You can either set the session.gc_maxlifetime to the longer value, and it will affect all pages using session variables (would this actually cause any problem for your application?) OR you need to use javascript code on a page to periodically make an ajax request to a page that executes a session_start() statement to refresh the last access time of the session data file, to prevent garbage collection from deleting the session data.

Adem · February 20, 2024, 6:01pm

For other pages, normal session duration is sufficient.
I want to extend session duration for only one page.

If I add the following code before session_start() on the xxx.php page, will it extend the session duration?

ini_set('session.gc_maxlifetime', 2 * 60 * 60);
session_set_cookie_params(2 * 60 * 60);
session_start();

phdr · February 20, 2024, 6:14pm

Not by itself. When a session_start() is executed, on a different page, with a shorter session.gc_maxlifetime value, any session data files that are older than that shorter value will be deleted.

You could also store the session data files in a separate folder, then the session.gc_maxlifetime setting would only apply to the session data files in that folder. See the session.save_path setting.

Adem · February 20, 2024, 6:37pm

I think, as you said, the best way is to run session_start() with Ajax at certain intervals.

Adem · February 23, 2024, 2:52pm

I ran the file containing “session_start()” with ajax every 5 minutes, but the session was closed again.

I wonder what I did wrong?

phdr · February 23, 2024, 3:10pm

Most likely there’s something - protocol, hostname, filepath, … that’s different between the main page and the ‘session keep alive’ page, so that the session id cookie doesn’t match.

Posting the javascript you are using would help let someone try to reproduce the problem.

To debug this, you will probably need to display the session_id() value on the main page and log it in the ‘session keep alive’ page to see if they are the same value.

phdr · February 23, 2024, 5:29pm

I just played with this (on a windows system.) Php used to update the last access time of the session data file upon the session start statement (which caused the session data file for the session start that triggers garbage collection to be kept, it is deleted now.) To get the session data file last access time to update, you must make a change to the session data, such as setting an arbitrary session variable to any value -

session_start();
$_SESSION['tick'] = 1;

Adem · February 23, 2024, 7:44pm

I use session_name
I tried as below and it failed

if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == 1){
    session_name('name');
    session_start();
}

I used it at login as follows and it failed.

if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == 1){
    session_name('name');
    session_start();
	$_SESSION['logged_in'] = 1;
}

Ajax code is as follows

  function calistirAjax() {
      $.get('session_update.php');
  }
  setInterval(calistirAjax, 300000); // 5 dakika = 5 * 60 * 1000 milisaniye

After logging in, there is only ‘session_start()’ at the beginning of the other pages and how does the session continue with this?

Also on the login page I use the following when the session is successful

session_regenerate_id();

Adem · February 23, 2024, 9:43pm

I made an experiment as follows, I kept the page waiting for 1 hour and the session continued.
Now it’s past midnight, I’ll do tests again tomorrow, it looks like it will be as follows

<?php 
if(!isset($_SESSION)){
session_start();
}
?>

Adem · February 24, 2024, 12:17pm

I left the page open and did not take any action on this page or any page of the website for 2 hours and 1 minute, and the session continued.

I tried it with ajax on a remote Linux server and it was successful.
However, I don’t know if it will work on windows or any other server.

  function calistirAjax() {
      $.get('session_update.php');
  }
  setInterval(calistirAjax, 300000); // 5 dakika = 5 * 60 * 1000 milisaniye

session_update.php

<?php 
if(!isset($_SESSION)){
session_start();
}
?>