[Pmwiki-users] PHP Sessions / Cookies / Authentication / Cache
Fri Jun 25 10:05:59 CDT 2004
According to the PHP documentation, the session.gc_maxlifetime variable
which is set in the php.ini file can actually be set via a .php script
using the ini_set( ) function.
Like so: ini_set(session.gc_maxlifetime, 2880);
Which would set it to 48 minutes instead of the default of 24 minutes
I don't have a production environment to actually test this on.
For more information, check the PHP documentation Function Index, and
look for ini_set( )
Now a question. If I want to create a cookbook recipe that uses
session, I don't want to declare the session_start( ) function twice.
It would be nice if the session_start( ) function was in the core of
pmwiki (whether it's actually used or not), this would take a bit of the
guesswork out of writing add-on's.
I was experimenting with session( ) today, and I got a simple add-on
module to basically just output the session_id. I'm working on some
more complex examples and I hope to work sessions into some of my
existing modules. Again, it migh be a bit tricky depending on whether
someone has PmWiki's optional sesson_auth.php enabled or not.
If there's some performance issue with having in the core, then maybe we
could at least have it in the core as an option, like
$EnablePHPSessions = 1;
Sessions are used for a lot more than just authorization schemes.
Comments on the Article
increasing because people don't want information stored on their
computers, etc etc etc. But when I read the PHP manual, it seems to be
that using sessions does in fact rely on cookies. Does anybody know
better? I'm not really an expert with php or cookies, so I'm a bit
confused by the apparently conflicting facts.
On Friday, June 25, 2004 6:21 AM [GMT+1=CET],
Patrick R. Michaud <pmichaud at pobox.com> wrote:
> On Fri, Jun 25, 2004 at 03:14:31PM -0700, Steven Leite wrote:
>> I found an interesting article at PHP Freaks.com. If any
>> of the topics in the subject of this message interest you, then
>> it might be worth checking out. Here's a snippet of the Intro:
> There's another problem with PHP sessions, in that the session data
> is automatically expired after 24 minutes. This means that if someone
> doesn't interact with the site at least once every 24 minutes, then
> their session data can be lost.
> While this may be okay for most sites; it's bad on a wiki where
> someone could easily spend more than 24 minutes (1440 seconds)
> editing a page.
> By the time they click "Save", their session could've been wiped out
> by PHP (and yes, this has happened to people running sessionauth.php).
> PHP does have a "session.gc_maxlifetime" variable, but I haven't been
> to get it to reliably increase the amount of time a session is
> allowed to live. I suspect that if other PHP scripts are running on
> the same server that don't change session.gc_maxlifetime, then those
> scripts may clean up sessions older than the default of 1440 seconds.
> The solution may be
> to change the directory where session data is stored, but that
> introduces its own set of headaches...
More information about the pmwiki-users