How can I not let the session expire in Joomla when it closes? (or last longer)

0

I have a real estate component installed. It has the option to add real estate to favorites and creates a list, but when I close and open the browser, regardless of how long it has closed, it deletes the list.

Speaking to the developer he told me that it is because of the sessions that are deleted. And he did not know how to help me. On his demo site, when he closes and reopens, he does not delete the list of favorites.

Does anyone know how to help me, how to do for joomla does not delete the session when closing the browser?

Thank you!

    
asked by anonymous 06.02.2017 / 12:32

2 answers

0

The way to do this is to use COOKIE instead of the SESSION. Take a look at the PHP Manual that is always a savior.

    
06.02.2017 / 14:04
0

This is PHP's default behavior, see here .

There are two distinct things that should be noted in the sessions:

  • session.cookie_lifetime sets the time the cookie of the session will be erased, in seconds. The cookie expiration time is set when it is created, in session_start() , and is not updated! If the value is 0 the cookie will be available until the browser is closed, which is the default.

  • session.gc_maxlifetime defines how long the session file will be understood as "junk" and potentially deleted, it takes into account the date of the last update of the session file.

  

/! \ This is not recommended!

If you want session files to be "permanent", just like cookies , you can simply use:

session.cookie_lifetime = 31536000
session.gc_maxlifetime = 31536000

This will make sessions, in the best of situations, available for 1 year.

Now let's get into trouble.

The session is divided into two steps, one cookie in the browser and one file on the server.

Defining a gc_maxlifetime will cause the server to have several useless files, literally. Uselessness can occur due to a number of factors, most commonly because the user has cleared cookies or simply never accessed the website again.

Defining a cookie_lifetime high is no problem, from my view , the only problem is that it becomes easy to steal the session (the cookie value) because it will only expire next year.

"Solution":

Set a cookie_lifetime of a week, for example. This will cause the cookie to die after a week after it is created. In addition it is necessary that the contents of the session (the files) are also present, so change the gc_maxlifetime to also a week.

In addition, when the user connects, create a new cookie with the same session, so it will "renew" a week before the expiration of the cookie, that is, if the user logs in 6 days later.

Another solution is to save everything in cookie and set a high expiration time, this way no session will be used, no server file will be read, everything will be read on the client side for itself, but this varies from case to case .

    
07.02.2017 / 04:25