membership session time for password protected pages

Re: [4cdg] membership session time for password protected pages

By Jason - August 12, 2010

Hi,

Both CMS Builder login and the Website memebership plugin use the same session variable. Whatever session time you set in CMS Builder will also affect the session time for people logging in through the membership plugin.

Hope this helps.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [Jason] membership session time for password protected pages

By 4cdg - August 12, 2010

it is not working for me. I log into a page and don't do anything for about an hour, then when I click a link i can still go to the information.

here is what is in my init.php file

// Initialize session
session_name($SETTINGS['cookiePrefix'] . 'PHPSESSID'); // sets session.name
ini_set('session.use_cookies', true );
ini_set('session.use_only_cookies', true );
ini_set('session.cookie_path', '/' );
ini_set('session.cookie_httponly', true );
ini_set('session.cookie_lifetime', 0 ); // cookies are removed after this many seconds of inactiity
ini_set('session.gc_maxlifetime', 60 ); // sessions are removed after this many seconds of inactiity
ini_set('session.use_trans_sid', false );
session_start() or die("Couldn't start session! '$php_errormsg'!");
what have i done wrong??

Re: [4cdg] membership session time for password protected pages

By 4cdg - August 16, 2010

anything

Re: [4cdg] membership session time for password protected pages

By Chris - August 16, 2010

Hi 4cdg,

PHP sessions often last longer than expected because whether or not they're expired is a probabilistic thing. Presumably this is to prevent session expiry checks consuming too many resources on high traffic sites.

Each time a session is opened, the probability the gc is started is session.gc_probability/session.gc_divisor. session.gc_probability defaults to 1 and session.gc_divisor defaults to 100, which makes a 1% probability.

If you want to make sure that sessions actually expire after the amount of time you've specified, you'll need to set the probability to 100% by adding these lines (in red) to init.php:

ini_set('session.gc_maxlifetime', 60 ); // session garbage-collection code starts getting randomly called after this many seconds of inactiity
ini_set('session.gc_probability', 1 ); // after gc_maxlifetime is met old session are cleaned up randomly every (gc_probability / gc_divisor) requests
ini_set('session.gc_divisor', 1 ); // after gc_maxlifetime is met old session are cleaned up randomly every (gc_probability / gc_divisor) requests

ini_set('session.use_trans_sid', false );


I tested this and it seems to work! :)

I hope this helps! Please let me know if you have any questions.
All the best,
Chris