How can I not let the session expire in Joomla when it closes? (or last longer)

Asked

Viewed 189 times

0

I have a building component installed. It has the option to add properties to favorites and creates a list, but when I close and open the browser, regardless of how long it was closed, it deletes the list.

Talking to the developer he told me it is because of the sessions that are erased. And he did not know how to help me. On his demo site, when it closes and opens again, it doesn’t delete the bookmarks list.

Someone knows how to help me, how to make joomla not delete the session when closing the browser?

Thank you!

  • Rephrase, show the code, Tell me what this component is, etc. You can’t guess what’s going on. The developer, aware of the code, did not succeed, imagine if someone here will succeed. Anyone who answers your question the way it is will just be kicking, and kicking doesn’t help solve anything ;)

2 answers

0

The way to do this is by using COOKIE instead of SESSION. Take a look at the Manual for PHP who is always a savior.

0

This is the default PHP behavior, see here.

There are two different things that should be noticed in the sessions, being him:

  • session.cookie_lifetime defines the time when the cookie session will be deleted in seconds. The expiration time of the cookie is defined when it is created, in the session_start(), and is not updated! If the value is 0 the cookie will be available until the browser is closed, which is the default.

  • session.gc_maxlifetime sets the time that the session file will be understood as "trash" and potentially will be deleted, it takes into consideration the date of the last session file update.


/!\ This is not recommended!

If you want the archives of the sessions to be "permanent", as well as the cookies, you can simply use:

session.cookie_lifetime = 31536000
session.gc_maxlifetime = 31536000

This will make sessions at best available for 1 year.


Now let’s go to trouble.

The session is divided into two steps, a cookie in the browser and a file on the server.

Defining a gc_maxlifetime high will make the server have several useless files, literally. The uselessness can occur for several factors, the most common is because the user has deleted the cookies or simply never again accessed the website.

Define a cookie_lifetime tall no problem, in my view, the only problem is that it becomes easy to steal the session (the value of the cookie) because it will only expire next year.


"Solution":

Define a cookie_lifetime a week, for example. This will cause the cookie to die after a week of creation. In addition it is necessary that the session contents (the files) are also present, so change the gc_maxlifetime for also a week.

Also, when the user connects create a new cookie, with the same session, this way will "renew" the one week deadline to expire the cookie, ie if the user accesses 6 days later instead of remaining 1 day will remain new 7 days.

Another solution is to save everything in cookie and set a high expiration time, so no session will be used, no server file will be read, everything will be read on the client side for itself, but this varies from case to case.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.