.htaccess中的会话覆盖，甚至php ini_set无法正常工作 [英] session override in .htaccess, and even php ini_set not working

问题描述

更新

PHP ini设置

指令|当地价值|主值

session.auto_start关闭关闭

session.cache_expire 180180

session.cache_limiter nocache nocache

session.cookie_domain无值无值

session .cookie_httponly关闭关闭

session.cookie_lifetime 0 0

session.cookie_path / /

session.cookie_secure关闭关闭

session.entropy_file / dev / urandom / dev / urandom

session.entropy_length 32 32

session.gc_divisor 1 1

session.gc_maxlifetime 3 3

session.gc_probability 1 1

任何帮助都非常感谢。谢谢。

---

原始

我已经尝试了大约15种不同的方法，通过重新研究和过去的堆栈溢出帖子，结果仍然是相同的，在闲置5-10分钟后，我退出了会话

我要做的就是长时间保持登录状态。

.htaccess

 < IfModule mod_php7.c> 
＃会话超时
 php_value session.cookie_lifetime 3600000 
 php_value session.gc_maxlifetime 3600000 
< / IfModule> 
  

php

< pre class = lang-php prettyprint-override> ini_set（'session.gc_maxlifetime'，3600000）;
ini_set（’session.cookie_lifetime’，3600000）；
session_start（）;

if（！isset（$ _ SESSION [ username]））{{b $ b header（ Location：admin-login.php）;
exit（）;
}

if（isset（$ _ SESSION ['username']）&&（time（）-$ _SESSION ['username']> 3600000））{
//上一个请求是在30分钟前
session_unset（）; //为运行时
session_destroy（）设置$ _SESSION变量； //销毁存储区
中的会话数据}
$ _SESSION [’username’] = time（）; //更新上一个活动时间戳记


解决方案

ini_set（'session.gc_maxlifetime'，3600000）; 仅为当前正在运行的脚本设置会话文件的生存期。如果其他脚本是startet，则具有其自己的（默认）设置。会话文件的生存期已到期并调用了垃圾回收 。

注意：如果不同的脚本具有不同的session.gc_maxlifetime值，但是共享用于存储会话数据的相同位置，则具有最小值的脚本将清除数据。在这种情况下，请将该指令与 session.save_path 一起使用。

http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime

这意味着访问会话文件夹的每个脚本，甚至是依赖于共享主机配置的外部站点，都可以具有自己的生存期设置，因此可以删除已配置文件夹中的会话文件。因此，您还应该将 session.save_path 设置为您控制下的writeble文件夹。访问该保存路径内的会话的所有脚本都需要配置预期的设置。另请参见PHP函数 session_save_path 。

此外，默认情况下，会话垃圾回收不会在每个脚本上运行。您可以通过 session.gc_probability 进行配置和 session.gc_divisor 。将概率和除数都设置为 1 。

请注意，将整数值传递给 ini_set 会导致致命错误。它应该是一个字符串值： ini_set（'session.gc_maxlifetime'，'3600000'）; 。

UPDATE

PHP ini settings

Directive | Local Value | Master Value

session.auto_start Off Off

session.cache_expire 180 180

session.cache_limiter nocache nocache

session.cookie_domain no value no value

session.cookie_httponly Off Off

session.cookie_lifetime 0 0

session.cookie_path / /

session.cookie_secure Off Off

session.entropy_file /dev/urandom /dev/urandom

session.entropy_length 32 32

session.gc_divisor 1 1

session.gc_maxlifetime 3 3

session.gc_probability 1 1

Any help is much appreciated. Thanks.

---

ORIGINAL

I have tried about 15 different methods, through resaearch and past stack overflow posts, and the result is still the same, I am logged out of the session after 5-10 mins of going inactive

All I want to achieve is to stay logged in for a long time...

.htaccess

<IfModule mod_php7.c>
    #Session timeout
    php_value session.cookie_lifetime "3600000"
    php_value session.gc_maxlifetime "3600000"
</IfModule>

php

ini_set('session.gc_maxlifetime', 3600000);
ini_set('session.cookie_lifetime', 3600000);
session_start();

if(!isset($_SESSION["username"])){
    header("Location: admin-login.php");
    exit(); 
}

if (isset($_SESSION['username']) && (time() - $_SESSION['username'] > 3600000)) {
    // last request was more than 30 minutes ago
    session_unset();     // unset $_SESSION variable for the run-time 
    session_destroy();   // destroy session data in storage
}
$_SESSION['username'] = time(); // update last activity time stamp

解决方案

ini_set('session.gc_maxlifetime', 3600000); sets the lifetime of session files for the currently running script only. If other scripts are startet, the have their own (default) setting. A session file is removed when its lifetime has expired and the garbage collection is invoked.

Note: If different scripts have different values of session.gc_maxlifetime but share the same place for storing the session data then the script with the minimum value will be cleaning the data. In this case, use this directive together with session.save_path.

http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime

This means that each script accessing the session folder, even foreign sites depending on shared hosting configuration, can have its own lifetime setting and therefore delete session files in the configured folder. Thus you should also set the session.save_path to a writeble folder under your control. All scripts accessing a session within that save path need to be configured with the intended settings. See also the PHP function session_save_path.

Further more the session garbage collection does not run on every script start by default. You can configue this by session.gc_probability and session.gc_divisor. Set both, probability and divisor, to 1.

Note that passing an integer value to ini_set results into a fatal error. It should be a string value: ini_set('session.gc_maxlifetime', '3600000');.

这篇关于.htaccess中的会话覆盖，甚至php ini_set无法正常工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！