0

This time, I need your help in something related to php. My users script is not working as expected, it's supposed to keep logged in 3 weeks but this just fails, after less than 60 minutes the session is destroyed and I need to login again, any suggestion?

My code:

<?php if (!isset($_SESSION)) session_start(); mysql_connect("YOU", "DONT", "NEED") or die("database connection failed"); mysql_select_db("THIS!!!") or die("database selection failed"); $user = $_POST['username']; $pass = $_POST['password']; $remember = $_POST['remember']; $token = $_POST['login-token']; $error; if(isset($_SESSION['username'])) { $error = $error." :erlgd:"; } if(empty($user)){ $error = $error." :erusr:"; } if(empty($pass)){ $error = $error." :erpwd:"; } else $password = md5($pass); if(empty($error)){ $sql = "SELECT * FROM login_users WHERE username='$user' AND password='$password'"; $result = mysql_query($sql); $count = mysql_num_rows($result); if($count == 0){ $sql = "SELECT * FROM login_users WHERE email='$user' AND password='$password'"; $result = mysql_query($sql); $count = mysql_num_rows($result); if($count == 0){ $error = $error.":erwrg:"; } } } // Once everything's filled out // Just double check there are no errors first if($error == '') { while($row = mysql_fetch_array($result)) { $minutes = 10080; if($minutes == 0) ini_set('sesion.cookie_lifetime', 0); else ini_set('session.cookie_lifetime', 60 * $minutes); session_regenerate_id(); $sql = "SELECT * FROM login_activate WHERE username='$user'"; $count = mysql_num_rows(mysql_query($sql)); if ($count > 0) $_SESSION['activate'] = 1; else $_SESSION['activate'] = 0; $_SESSION['restricted'] = $row['restricted']; $_SESSION['name'] = $row['name']; $user_level = unserialize($row['user_level']); $_SESSION['user_level'] = $user_level; $sql = "SELECT level_disabled FROM login_levels WHERE level_level = '$user_level'"; $disRow = mysql_fetch_array(mysql_query($sql)); $_SESSION['level_disabled'] = $disRow['level_disabled']; if(!empty($remember)) { ini_set('session.cookie_lifetime', 60*60*24*100); // Set to expire in 3 months & 10 days session_regenerate_id(); } // And our magic happens here ! Let's sign them in $_SESSION['username'] = $row['username']; unset($_SESSION['token']); echo "success"; // Redirect after it's all said and done } }else{ echo "error:".$error; } ?>

Thanks!

PS: As additional data, this is a shared server.

Improve this question
5
  • why would you do this code in a while loop? Commented Feb 28, 2012 at 2:32
  • @dqhendricks in a loop? I'm sorry but there isn't a loop, maybe you say this because it first searches if it's an user and later searches if it is a e-mail. Commented Feb 28, 2012 at 2:36
  • no i am talking about this line... while($row = mysql_fetch_array($result)) { Commented Feb 28, 2012 at 2:40
  • are you expecting more than one record to be returned? why is this in a loop? Commented Feb 28, 2012 at 2:41
  • @dqhendricks not really, but don't know how to change it and dont alter the other pieces of code, also I dont see any problem to keep it like that Commented Feb 28, 2012 at 2:45

3 Answers 3

Reset to default
1

Take a look at the session.gc_maxlifetime in /etc/php5/apache2/php.ini

Either update it there, or try putting ini_set('session.gc_maxlifetime', 60*60*24*7*3); in your script at the top

Increase that to something larger

basically, this is how long the server waits before clearing session files

Improve this answer
Sign up to request clarification or add additional context in comments.

11 Comments

Shared hosting, any suggestion?
you could try running ini_set('session.gc_maxlifetime', 60*60*24*7*3);
or ask your hosting provider to change that value
This seems to work, please update answer and wait until tomorrow, I will see if this fixes it. thanks!
Is there a way to see if the cookies and sessions were set successfully AFTER logged in? Like a sessions historial in the browser?
|
1

You will need to use cookies to support the remember me type of behavior. When a session is destroyed on the server, the cookie is meant to act as a catalyst to start a new session as the same user, when they re-visit your site, and auto-logging them in, behind the scenes.

A Google search returns some pretty good results, most notably a reference to actual cookie code (search for autologin.php).

Improve this answer

5 Comments

@Ascherer, I did and it seems to work kinda better, going to wait for results.
Mike, thanks! I didn't know this, I thought cookies and sessions were the same, now working with this, waiting for tomorrow to accept the best answer. Thanks!
Is there a way to see if the cookies and sessions were set successfully AFTER logged in? Like a sessions historial in the browser?
You can refer to $_SESSION and $_COOKIE as you can normal arrays. For example, in one of my projects I have $_COOKIE[$cookiePrefix . '_password'] which I use to check to see if cookie has been set matching 'wx_password'. Read up on the docs related to cookies and you will see how it easy it is. us.php.net/manual/en/function.setcookie.php
@Luis: Did you ever figure it out?
0

usually people use session_set_cookie_params() to change the lifetime of a session cookie. and you should be setting this before the first session_start() is called I believe. the default is typically set to 0 (aka when the user closes the browser window).

http://www.php.net/manual/en/function.session-set-cookie-params.php

you will also need to change the garbage collection max lifetime for session files. before your session begins, try:

ini_set(’session.gc_maxlifetime’, $lifetime_in_seconds);
Improve this answer

1 Comment

Is there a way to see if the cookies and sessions were set successfully AFTER logged in? Like a sessions historial in the browser?

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.