php中的会话超时问题 [英] Session timeout issue in php
问题描述
我已将会话超时时间设置为 20 分钟,如下所示.有时会话超时发生在两到三分钟内.
I have set session timeout time for 20 Minutes as below.Sometime the session timeout is happening in two or three minutes.
ini_set('session.gc_maxlifetime', 1200);
ini_set('session.cookie_lifetime', 1200);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 100);
可能是什么问题?
推荐答案
当用户浏览其他页面时,20 分钟到期不会重置.此评论 中解释了该问题:
The 20 minute expiration does not reset when the user browses other pages. The problem is explained in this comment:
由于 PHP 的会话控制不能正确处理会话生命周期使用 session_set_cookie_params() 时,我们需要在为了在用户每次访问我们时更改会话到期时间地点.所以,问题来了.
As PHP's Session Control does not handle session lifetimes correctly when using session_set_cookie_params(), we need to do something in order to change the session expiry time every time the user visits our site. So, here's the problem.
$lifetime=600;
session_set_cookie_params($lifetime);
session_start();
这段代码不会改变会话的生命周期,当用户回到我们的网站或刷新页面.会话将过期$lifetime 秒后,无论用户请求多少次这一页.所以我们只需按如下方式覆盖会话 cookie:
This code doesn't change the lifetime of the session when the user gets back at our site or refreshes the page. The session WILL expire after $lifetime seconds, no matter how many times the user requests the page. So we just overwrite the session cookie as follows:
$lifetime=600;
session_start();
setcookie(session_name(),session_id(),time()+$lifetime);
现在我们有相同的会话 cookie,其生命周期设置为适当的价值.
And now we have the same session cookie with the lifetime set to the proper value.
更好的是,将 session.cookie_lifetime 保留为 0,以便 cookie 在浏览器关闭时过期.否则,假设关闭浏览器将结束会话的用户会在 20 分钟超时前重新打开浏览器时感到惊讶.
Better, leave the session.cookie_lifetime to 0 so that the cookie expires when the browser is closed. Otherwise, users who assume that closing the browser will end their session will be surprised when they re-open their browser before the 20 minute timeout.
1/1 意味着 PHP 将检查每个 session_start 调用的会话文件的日期.
1/1 implies PHP will check the date of session files for every session_start call.
1/100 表示 PHP 将随机检查会话文件的日期,但大约每 100 个 session_start 调用一次.
1/100 means PHP will check the date of session files randomly but approximately once per 100 session_start calls.
日期检查本身包括将会话文件的访问时间与 gc_maxlifetime 进行比较;如果过去(例如)20 分钟内没有访问过该文件,它将删除该文件.
The date check itself consist of comparing session file's accessed time with gc_maxlifetime; it deletes the file if wasn't accessed in the past (e.g.) 20 minutes.
话虽如此,如果 cookie 由于超时(或在超时为 0 时关闭浏览器)而过期,则会话立即过期,因为浏览器停止发送过期的会话 id cookie;在这种情况下,PHP 会发出一个新的会话 ID cookie.与过期 cookie 关联的会话 ID 文件被放弃,不再被访问;因此,垃圾会按上述方式随时收集.
Having said that, if the cookie expires because of timeout (or closing of browser when timeout was 0) the session expires immediately since the browser stops sending the expired session id cookie; in which case PHP issues a new session id cookie. The session id file associated with the expired cookie becomes abandoned, does not get accessed anymore; therefore garbage collected anytime as described above.
最后,您的具体问题可以解决 (i) 通过查看会话 id cookie 的到期日期 (ii) 并记住在访问/刷新页面时不会更新具有超时的 cookie.
Last, your specific issue can be resolved (i) by looking at the expiry date of session id cookie (ii) and remembering that cookies with timeout are not renewed when page is visited/refreshed.
这篇关于php中的会话超时问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
