[pmwiki-users] Fixing short sessions

Patrick R. Michaud pmichaud at pobox.com
Fri Sep 22 09:45:41 CDT 2006

On Fri, Sep 22, 2006 at 04:21:28PM +0200, Peter Brink wrote:
> I have a problem with short sessions. My pmwiki version is 2.1.33 and I 
> use authuser. My webhost provider uses a load balancer to move visitors 
> to one of their clients websites to a new server if the first one goes 
> down. If a visitor is inactive for more than 10 min the load balancer 
> stops keeping track of the visitor's session. This means that I and the 
> editors of my wiki(s) must re-login every 10th min, which is rather 
> annoying...
> According to the webhost provider the solution to the problem is to 
> insert the following code snippet in the part of code of my application 
> (in this case PmWiki...) that manages sessions:
> ini_alter("session.gc_maxlifetime", "3600"); //1 hour
> ini_alter("session.cache_expire", "3600"); //1 hour
> ini_alter("session.save_path", "$DOCUMENT_ROOT/../data/sessions");
> session_start();
> (The directory ~/public_html/data/sessions must of course be writable by 
> the webserver).

Just use the following lines at the *beginning* of config.php (here
I'm using ini_set instead of ini_alter -- they're the same thing):

    ini_set('session.gc_maxlifetime', '3600');  # 1 hour
    ini_set('session.cache_expire', '3600');    # 1 hour

Change '/path/to/sessions' to be the location of a directory somewhere
that is writable by the webserver.  You probably don't want it to be
something that can be accessed by url, however, otherwise people will
be able to see other's passwords.

Also, unlike the code your provider suggested, it's better to leave
it to the application to actually start the session with 
"session_start", rather than doing it on every web request.

If this doesn't help, let me know and we'll find a better fix
that doesn't involve modifying pmwiki.php.


P.S.:  If you just want PmWiki to take care of creating the
directory for you, you can do:


and PmWiki will create a sessions/ directory inside of wiki.d/ , which
is already hopefully protected from outside web access.

More information about the pmwiki-users mailing list