#2272 4.1.5rel session timeout settings not followed

v4.1.5
closed-invalid
nobody
None
5
2009-11-26
2008-10-03
waldo kitty
No

this report is also related to bug:2139307...

in an attempt to keep my sessions "alive" so that i don't always have to logout and back in just to retain my admin privs, i have set the (global) session timeout value ($PGV_SESSION_TIME) to 86400 which should be 24 hours...

to test this, i have signed in and done some work and then left the browser open on the last screen i was working from... currently this is the first places hierarchy top level screen... some hours later, i come back and refresh the page only to see that i've got to login in again :(

Discussion

  • Greg Roach
    Greg Roach
    2008-10-03

    PGV cannot set this value any higher than the value set in your PHP.INI file.

    I think you need to look at the setting for session.gc_maxlifetime

    It can only set it lower. (Much like the CPU time limit setting).

     
  • Greg Roach
    Greg Roach
    2008-10-03

    • status: open --> pending-rejected
     
  • waldo kitty
    waldo kitty
    2008-10-04

    interesting... i've just looked thru my php.ini and don't see anything that jumps out at me to control this... what value should i be looking at?

     
  • waldo kitty
    waldo kitty
    2008-10-04

    • status: pending-rejected --> open-rejected
     
  • waldo kitty
    waldo kitty
    2008-10-05

    i've not seen any response to exactly what value in php.ini (or the php_value settings in .htaccess) that i need to look at to ensure that sessions stay active at least as long as i have set them for in PGV's settings... i have been researching php's session variables and still have not come across anything _specific_ to this problem...

    i have, however, come across a possible explanation as to why this is not working in my setup... this explanation has to do with the php session_cache_expire setting. please see this URL for more info... http://www.php-editors.com/php_manual/function.session-cache-expire.html

    i can and will confirm that my current session_cache_expire is showing up as 180 minutes (the default) and this seems to match the time length that my sessions are not coming back active (eg: 4 hours later, i have to do the screwy logout/login routine to regain admin privs)...

     
  • waldo kitty
    waldo kitty
    2008-10-05

    • status: open-rejected --> open
     
  • waldo kitty
    waldo kitty
    2008-10-05

    i just noticed that you, fisharebest, responded to look at session.gc_maxlifetime... however, the gc vars are for *g*arbage *c*ollection... i will set about adjusting the one i found for session cache expire and see if that makes any difference...

    FWIW: i set these in the .htaccess file if i can so that they only affect the domain/directory in question and not the entire (sub)server configuration ;)

     
  • waldo kitty
    waldo kitty
    2008-10-05

    i forgot to also add the following to my "diatribe" :?

    PGV should tell the administrator what the current session time out value is so that they can know and adjust the proper value(s) in their php.ini and/or .htaccess files...

    my apologies if i seem like i'm being obtuse or "ugly" about this... it just seems to be a basic function of PHP apps that should be quite apparent to the coders developing the application at hand... granted, like many others, i've had to learn the nuances of a language "on the fly" while coding (large) apps for the masses... however, i didn't have all these tripwires and subtle hidden gotchas to deal with "back in my/the day" ;)

     
  • Greg Roach
    Greg Roach
    2008-11-17

    • milestone: --> v4.1.5
     
  • Greg Roach
    Greg Roach
    2009-11-26

    • status: open --> closed-invalid
     
  • Greg Roach
    Greg Roach
    2009-11-26

    "garbage collection", in this context, is the removal of expired (aka garbage) session data.

    This appears to be a server configuration issue (that would be better dealt with on the help forum), and not a bug in PGV.