Posted by dawnerd on 05/01/07 01:26

On Apr 30, 4:08 pm, dawnerd <dawn...@gmail.com> wrote:
> HI everyone.
>
> I have another little problem that I could use some advice on. I have
> a session class that handles creating a simple session to keep my
> users logged in. It works fine. However, the session will expire in a
> random amount of time. I've checked php's configuration and they are
> set to expire when the browser is closed (and is what I want). It also
> uses cookie sessions rather than the session if in the url. I have
> access to both php4 and 5 if needed (all of the code is php4 though).
>
> Here is some of the session code.
> /**
> * newSession( $userId, $password )
> * Creates a blank session.
> */
> function newSession( $userId, $password )
> {
> /**
> * Set the user info in the session.
> */
> $config = new configuration( $this->database );
> $config->getConfig();
> $configArray = $config->configArray;
>
> $_SESSION['honey'] = $userId;
> $_SESSION['bun'] = sha1( $configArray['salt'] . $userId .
> md5( $password ) );
> $_SESSION['glaze'] = time();
> }
>
> /**
> * checkSession()
> * Checks the current session.
> */
> function checkSession()
> {
> $config = new configuration( $this->database );
> $config->getConfig();
> $configArray = $config->configArray;
>
> $userId = mysql_real_escape_string( $_SESSION['honey'] );
> $this->current_user_id = $userId;
>
> $sql = "SELECT * FROM `users` WHERE `id` = '$userId'";
> $query = $this->database->query( $sql );
> $num = $this->database->count_rows( $query );
>
> /**
> * Check if user exists
> */
> if( $num != 1 )
> {
> $this->error = "Session expired.";
> return false;
> }
>
> /**
> * Check hashes
> */
> $sql = "SELECT * FROM `users` WHERE `id` = '$userId'";
> $query = $this->database->query( $sql );
> $row = $this->database->get_row( $query );
> $tempHash = sha1( $configArray['salt'] . $userId .
> md5( $row['pass'] ) );
>
> if( $_SESSION['bun'] != $tempHash )
> {
> $this->error = "Hashes do not match.";
> return false;
> }
>
> /**
> * Check if session is expired.
> */
>
> $tempTime = time() - 82400;
>
> if( $_SESSION['glaze'] < $tempTime )
> {
> if ( isset( $_COOKIE[session_name()] ) )
> {
> setcookie( session_name(), '', time()-42000, '/' );
> }
>
> session_destroy();
>
> $this->error = "Session timed out";
> return false;
> }
>
> $this->getUsernameFromId( $userId );
> $this->updateSession();
>
> return true;
>
> }
>
> I always get the session expired error I return. Any idea?
> Improvements?

I believe I have fixed it. I set the session save path. The default
was not set, which stored the session in a temp file (I think). I can
also guess that this temp folder was purging files. Again, just a
guess. I would really like to know how php handles sessions when the
directory is not defined.

• Next in forum: Re: Garbage collection
• Prev in forum: Re: Garbage collection
• Thread view: Re: Sessions Expire Unexpectedly

[Reply to this message]