sessions and timeouts - general overview needed

8 posts by 5 authors in: Forums > CMS Builder
Last Post: November 1, 2012

I've had two clients contact me today regarding "timeouts" and would like to understand how any presets may affect their experience or what I can do to make adjustments.

One client was logged in as an administrator, viewing a list of records. He prefers to remain logged in all day, so he can view new customer activity. If he leaves his web browser open and then clicks a button or link within the admin, he is forced to log back in again if a certain amount of time has passed. (Minutes, not hours, according to him.)

Another client was logged in as a user with 'editor' privileges and was creating a new record, but the editor froze up on him. In this case, I suspect the session timed out if he took too long to upload photos, etc.
I contacted the hosting service and increased the MySQL timeout limit and am waiting to see if that improves their situation.

My question for IT: What files/sections of code within CMSB have defaults set that control either of the above situations? And am I correct in assuming that any settings on the server root php.ini file would override CMSB settings?

Thanks in advance for any help. (As you can tell, I'm really a PHP novice.)
~ Deborah

Re: [Deborah] sessions and timeouts - general overview needed

By Jason - September 28, 2010

Hi Deborah,

You can set your session expiry time in cmsAdmin/lib/init.php
Look for code that looks like this:
ini_set('session.cookie_lifetime', 60*60*24); // cookies are removed after this many seconds of inactivity (set to 0 for session only)
ini_set('session.gc_maxlifetime', 60*60*24 ); // session garbage-collection code starts getting randomly called after this many seconds of inactivity


This is where you can set the lifetime of your session in seconds. By default it's set to "60*60*24" or 1 day. Basically, you can change the number 24 to the maximum number of hours you want the session to exist for. This should override the server settings.

If you change these values, get your client to clear out their cache and delete all their cookies before logging in again so they start off fresh.

Also, if you make any changes and then upgrade, your changes will be overwritten and you'll need to make them again.

If your client is still running into any issues, let me know.

Hope this helps.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com


Re: [Jason] sessions and timeouts - general overview needed

By mdegive - April 29, 2011

session timeout is set to 60*60*24 in init.php, yet the admin times out after 20 min.

Is the admin timeout set somewhere else?

Re: [mdegive] sessions and timeouts - general overview needed

By Dave - May 1, 2011

Hi mdegive,

PHP sessions are stored as files on the server. Some hosts try to "optimize" things by erasing those files every 20 (or x) minutes.

One way around that is to change the folder session files are stored in. In the latest CMSB you can do that by setting a folder path under: Admin > General > session.save_path

If you set that to another folder (ideally one above your htdocs folder, but just use a hard to guess name otherwise such as _sessions_xyz923) then you should get the full 24 hours.

Hope that helps! Let me know if that works for you.
Dave Edis - Senior Developer
interactivetools.com

Re: [mdegive] sessions and timeouts - general overview needed

By Dave - May 2, 2011

Hi mdegive,

I know, it seems a little odd at first glance.

The reason is that session files are often stored in a shared dir such as /tmp/ and when there are many hosts on a server you can get performance issues due to the number of files (or max files per dir issues). So PHP has a setting so you can divide session files across many sub-directories, see: http://www.php.net/manual/en/session.configuration.php#ini.session.save-path

The problem is once you do that the automatic garbage collection doesn't work anymore, so you need a cronjob to remove old session files. Some linux distros and hosts do this by default and set the timeout low (such as 20 minutes). This is also referenced in php.ini:

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440

; NOTE: If you are using the subdirectory option for storing session files
; (see session.save_path above), then garbage collection does *not*
; happen automatically. You will need to do your own garbage
; collection through a shell script, cron entry, or some other method.
; For example, the following script would is the equivalent of
; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
; cd /path/to/sessions; find -cmin +24 | xargs rm


Anyway, an easy way to test if that's the case is to just try setting a different savepath folder for sessions. If that doesn't fix it let us know and we'll keep trying.

Hope that helps!
Dave Edis - Senior Developer
interactivetools.com

Re: [Dave] sessions and timeouts - general overview needed

I tried setting a new folder like mentioned above.. however.. now I get this error:

session.save_path doesn't exist (_sessions_xyz923)

Re: [s2smedia] sessions and timeouts - general overview needed

By Dave - November 1, 2012

Hi s2smedia,

It needs to be a full path to a directory that exists, eg:
/var/www/sites/yoursite.com/_session_dyx124/
Dave Edis - Senior Developer
interactivetools.com
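
As an added example (not part of the thread and not CMSB code), the shell sketch below covers two points from Dave's replies: a session.save_path that must be a full path to an existing directory, ideally outside the web root, and the cron-style cleanup that php.ini says you must run yourself when PHP's own garbage collection does not apply. The function names, the web-root argument and the 1440-minute default are assumptions.

```shell
#!/bin/sh
# Added example: helper names, arguments and defaults are assumptions.

# Succeed only if $1 is an absolute path to an existing directory that lies
# outside the web root $2 and is closed to group and other users.
check_session_dir() {
  local dir="$1" docroot="$2" real mode
  case $dir in /*) ;; *) echo "not a full path: $dir" >&2; return 1 ;; esac
  [ -d "$dir" ] || { echo "does not exist: $dir" >&2; return 1; }
  real=$(cd "$dir" && pwd -P) || return 1
  docroot=$(cd "$docroot" && pwd -P) || return 1
  # Session files under the web root may be fetched directly over HTTP.
  case $real/ in "$docroot"/*) echo "inside web root: $real" >&2; return 1 ;; esac
  mode=$(stat -c %a "$real" 2>/dev/null || stat -f %Lp "$real")
  case $mode in *00) ;; *) echo "mode $mode too open, use 700" >&2; return 1 ;; esac
}

# Remove PHP session files (sess_*) under $1 that have not been modified for
# more than $2 minutes, and print how many were removed. Unlike the php.ini
# one-liner, this only touches regular files named sess_* and tests mtime,
# so unrelated files in the directory are left alone.
prune_sessions() {
  local dir="$1" minutes="$2"
  case $dir in /*) ;; *) return 1 ;; esac
  [ -d "$dir" ] || return 1
  find "$dir" -type f -name 'sess_*' -mmin +"$minutes" -print -delete \
    | wc -l | tr -d ' '
}

# Stand-alone use, e.g. from cron:  script.sh SESSION_DIR WEB_ROOT [MINUTES]
# 1440 minutes matches the 60*60*24 seconds set in init.php.
if [ "$#" -ge 2 ]; then
  check_session_dir "$1" "$2" && prune_sessions "$1" "${3:-1440}"
fi
```

Keep the pruning threshold at or above session.gc_maxlifetime, otherwise the cron job logs users out earlier than the application intends.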