Secure Login with Remember [duplicate]

Question

Secure Login with Remember [duplicate]

Navigation

#1 by (2 votes)
#2 by (1 votes)

2

I need help with a login script. The problem is that the session automatically expires after a certain downtime. I'd like to increase the native session limit of my pages because the user needs to stay logged in on the system all day, and logging in when the session expires becomes a nuisance for users. I have tried session_cache_limiter(600); to increase the limit, but the server does not work, the session is destroyed in 2 hours.

My script is basically like this, when I log in I create three SESSION as follows logar.php :

$_SESSION['cod_cliente'] = ($row["cod_cliente"]);
$_SESSION['op'] = ($row["usuario_id"]);
$_SESSION['op_tipo'] = md5($row["tipo"]); //perfil

I have a page that checks if the user is logged check.php :

if(!isset($_SESSION['cod_cliente']) && empty($_SESSION['cod_cliente']) || !isset($_SESSION['op']) || empty($_SESSION['op']) || !isset($_SESSION['op_tipo']) || empty($_SESSION['op_tipo']))
{
    session_unset();     
    session_destroy();
    header('Location:login.php');
}

And in the pages that I want to protect I put in the beginning:

session_start();
include("check.php");

php session

asked by anonymous 21.01.2016 / 02:44

2 answers

How to use a variable across the scope of SQL batch "Trace" in (VBA / Excel), how do I get the name of a subroutine?

score 2 · Answer 1

I'm sorry for the mistake with the previous answer, I could not test, so I made a mistake.

To change the settings of php.ini without editing the file, use the ini_set() (some hosts block such a function), use it just to change the gc_maxlifetime of the session, and to ensure use also session_set_cookie_params() " which has the first parameter lifetime .

I booted a simple example, where I set the session to a maximum of 30 seconds, and even use session_cache_expire() to clear my cache after 1 minute to actually close my session (you only need to delete cache when session time is less than 180 minutes, since every 180 minutes cache is excluded by default). Be the example:

index.php :

<?php
    // define tempo de sessão para 30 seguntos (deve informar valor ente aspas)
    ini_set('session.gc_maxlifetime', '30');
    session_set_cookie_params('30');

    /* define a exclusão do cache após 1 minuto (apenas para a variável
       não ficar no cache por 180 minutos, para fazermos o tete) */
    session_cache_expire(1);

    session_start(); //inicia

    $_SESSION['logado'] = "Logado"; // Uma variável de teste

?>
<a href="verifica.php">Verificar</a>

verify.php :

<?php
    session_start(); // pega sessão
    echo $_SESSION['logado']; // exibe variável de sessão (será exibido erro quando ela for apagada)
?>

To test just access index.php , after one minute access verifica.php and the session variable will not be set. Sometimes it can make a difference because of the cookies of session that is holding the variable in memory.

score 1 · Answer 2

I've already faced problems where I logged on for unlimited time and it still expired after a period of inactivity and in my case it was the Garbage Collector.

The gc_maxlifetime setting for php.ini sets the time a session has to be considered disposable , closing it even if it has not reached the full limit.