corsasport.co.uk
 

Corsa Sport » Message Board » Off Day » Geek Day » PHP Sessions (maxlifetime)


New Topic

New Poll
  <<  1    2  >> Subscribe | Add to Favourites

You are not logged in and may not post or reply to messages. Please log in or create a new account or mail us about fixing an existing one - register@corsasport.co.uk

There are also many more features available when you are logged in such as private messages, buddy list, location services, post search and more.


Author PHP Sessions (maxlifetime)
John
Member

Registered: 30th Jun 03
User status: Offline
20th May 10 at 13:30   View User's Profile U2U Member Reply With Quote

I'm not sure if it would really, ISA breaks other random stuff though, they probably won't be using it.
Dom
Member

Registered: 13th Sep 03
User status: Offline
20th May 10 at 14:37   View User's Profile U2U Member Reply With Quote

does anyone know if the session ID is stored in a cookie? As i can never replicate this issue so i'm wondering if it is and that their browsers are scrubbing this cookie.
ed
Member

Registered: 10th Sep 03
User status: Offline
20th May 10 at 14:41   View User's Profile U2U Member Reply With Quote

PHPSESSIONID is the name of the cookie, and it stores the session ID which by default is some kind of hash value.

Regarding the security of storing details in a cookie. I store the username as plain text and then an MD5 of some values about the user from the database as a password. The idea is, even if you did manage to crack the MD5 of the password cookie, it's not going to help you as you wont get the password...
Dom
Member

Registered: 13th Sep 03
User status: Offline
20th May 10 at 16:55   View User's Profile U2U Member Reply With Quote

Cheers Ed!
To be honest i'm thinking of re-writing the lot for cookies, i can't see any of the information i'm storing being classed as sensitive apart from the full name and username perhaps.
The only thing i can think of is that they have some security setting on IE that's scrubbing the session cookie so i'm now testing security levels in IE to see if it's one of those that's causing it. But i think this is just clutching at straws
Dom
Member

Registered: 13th Sep 03
User status: Offline
20th May 10 at 22:31   View User's Profile U2U Member Reply With Quote

I've narrowed it down to something destroying the session, no idea what though....
ed
Member

Registered: 10th Sep 03
User status: Offline
21st May 10 at 07:55   View User's Profile U2U Member Reply With Quote

Have you got an Ajax or Iframe stuff going on? I've had issues with Ajax destroying session values because I forgot to put session_start() in there. Was very frustrating!
Dom
Member

Registered: 13th Sep 03
User status: Offline
21st May 10 at 08:00   View User's Profile U2U Member Reply With Quote

no ajax, no frames. All php pages have a session_start() - i call a main include file in every script and it's the 2nd thing i call, after ob_start() - using buffers, this wasn't working before i implemented the buffers so it's not that.
ed
Member

Registered: 10th Sep 03
User status: Offline
21st May 10 at 08:51   View User's Profile U2U Member Reply With Quote

I'm out of ideas then

Can you replicate the problem on your own machine?
Dom
Member

Registered: 13th Sep 03
User status: Offline
21st May 10 at 09:15   View User's Profile U2U Member Reply With Quote

Can now, no idea how i've managed to get it replicating the issue though. It seems to be destroying the session after 25/30mins, which is roughly the default setting I've switched the garbage collection off for the time being to see if that helps matters, although it shouldn't considering the session timeout is set to 4hrs.
What im now thinking is that it's an issue with the hosting (Tsohost clustered hosting) and some other timeout is occuring. But now pushing for the client to get a dedicated box so we have complete control over what's happening.
Knowing my luck though it's something simple
ed
Member

Registered: 10th Sep 03
User status: Offline
21st May 10 at 09:27   View User's Profile U2U Member Reply With Quote

Having just got a Webfusion VPS myself, I can safely say that shared hosting is a pain in the arse in comparison!
Dom
Member

Registered: 13th Sep 03
User status: Offline
21st May 10 at 09:48   View User's Profile U2U Member Reply With Quote

what's the deal with the unmetered bandwidth on webfusion VPS boxes? Is it true unlimited or do they have a Fair Usage Policy? I'm guessing Webfusion servers are all uk based?
Currently looking at Tsohosts or a dedicated box with Vooservers, but they are a little more expensive.
ed
Member

Registered: 10th Sep 03
User status: Offline
21st May 10 at 10:40   View User's Profile U2U Member Reply With Quote

I'm not too sure, I'd say they'd have a fair use policy but I don't think we're going to have enough traffic to cause issue. They're based in Uxbridge...
Dom
Member

Registered: 13th Sep 03
User status: Offline
21st May 10 at 20:37   View User's Profile U2U Member Reply With Quote

Might have to look into a webfusion VPS.
Managed to solve this whole issue.......................by using cookies You set the expire and they just work, 'mazing
ed
Member

Registered: 10th Sep 03
User status: Offline
21st May 10 at 21:03   View User's Profile U2U Member Reply With Quote

Easy hey
xa0s
Banned

Registered: 4th Mar 08
Location: Dartford, Kent Car: Turbo'd Fabia vRS
User status: Offline
22nd May 10 at 02:58   View User's Profile U2U Member Reply With Quote

ob_start() caused a session issue with me before... Try removing it!
Dom
Member

Registered: 13th Sep 03
User status: Offline
22nd May 10 at 08:48   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by xa0s
ob_start() caused a session issue with me before... Try removing it!


I did think that and tried it, but buffering was a recent addition and it was still doing it prior to that. Eitherway, cookies have sorted it and they actually work albeit slightly less secure. Hopefully i'll get this live over the weekend and the client will stop frothing at the mouth and pay me

  <<  1    2  >>
New Topic

New Poll

  Related Threads Author Forum Replies Views Last Post
where to get bonnet ashj General Chat 6 629
26th May 03 at 19:42
by Andy Morley
 
nova - 2.0 16v..... budget AK General Chat 44 5429
25th Oct 04 at 16:00
by Adam Kindness
 
track days aovertonwba General Chat 2 594
21st Apr 06 at 15:01
by AK
 
phpbb index Tom J Geek Day 3 780
13th Feb 07 at 15:34
by Steve
 

Corsa Sport » Message Board » Off Day » Geek Day » PHP Sessions (maxlifetime) 29 database queries in 0.0141380 seconds