I read that EE/Codeigniter’s default session timeout is 2 hours, but when I test my plugin (i.e. visit the page and leave it alone for 2 hours) the session is still alive past the 2 hour mark. I checked my phpinfo() and it’s set to the normal 1440, which I assume is overridden by CI/EE.
In the plugin, I’m doing very simple stuff, like:
$_SESSION['my_special_variable'] = $this->EE->input->post('my_special_variable');
Since the session isn’t expiring on its own, I added a bit of code to unset my session variable manually, which works just fine:
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1440))
{
    // last request was more than 24 minutes ago
    unset($_SESSION['my_special_variable']);
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
I don’t want to include extra code where it’s not needed. So I’m scratching my head wondering why the session isn’t expiring on its own after 2 hours. Am I wrong about the default timeout?
I should probably be using EE’s session class (maybe that’s the problem?), but I tried that and had a lot of trouble with it so I just went the traditional route.
Do you mind if I ask why you need the information to expire?
I have only delved into half of the session management code so far. Someone else may have better ideas but I have been storing additional session information in a database table. By way of contrast, I know that CartThrob handles its own session information in a completely independent (from EE) manner through an additional cookie.
There is also an interesting development on the horizon that you may want to keep an eye on if this site will be upgraded. The soon-to-be-enforced EU cookie law is going to require permission before cookies can be stored. This is supposed to be a feature in the upcoming 2.5 release of EE. I expect the ability to toggle it on and off but this may have some ramifications on what you are attempting.
Sorry for the scatter-brained post. ^_^
Hey there, thanks again for the info. I’m designing a “1-click” sale page - it’s a way for people to purchase something after they’ve made an initial purchase. That way, they don’t have to enter their credit card information again, they can just click a button. The only thing stored in the session after that initial purchase is their customer number so that we know the account to charge if they decide to do the 1-click purchase immediately after their initial purchase (on the order confirmation page). I want to be able to time the session out after a certain period because theoretically, if the customer was on a public computer and didn’t close their browser out and left that page open, someone else could sit down and click the button to make the 1-click purchase. Maybe I’m being a little paranoid 😊 because technically, the same thing could happen if a person was in their Amazon account and left the page open since they also have 1-click sale pages.
The code I initially posted does the job, but I was just hoping that EE would time the session out by itself so I wouldn’t have to add any more bloat, but since it’s not timing out on its own (which I’m still confused by), I think I’m going to have to use that code after all. I will definitely keep an eye on these new EU cookie laws - thanks again for that info!
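The idle check discussed in this thread, as an added example that is not code from the posters or from ExpressionEngine: it ties the stored customer number to an idle limit and to a hard cap since it was stored, and is meant to run server-side when the 1-click request arrives, not only when the page renders. The function names, the `customer_number` key and the 7200-second cap are assumptions.

```php
<?php
// Added example (not from the thread). Key names and limits are assumptions.
const IDLE_LIMIT = 1440;      // seconds of inactivity allowed (the thread's 24 minutes)
const ABSOLUTE_LIMIT = 7200;  // assumed hard cap, counted from when the value was stored

/**
 * Store the sensitive value together with the timestamps needed to expire it.
 */
function remember_customer(array &$session, string $customerNumber, int $now): void
{
    $session['customer_number'] = $customerNumber;
    $session['customer_set_at'] = $now;
    $session['LAST_ACTIVITY'] = $now;
}

/**
 * Return the customer number if it is still fresh; otherwise wipe it and return null.
 * Call this before showing the 1-click button AND before charging the account.
 */
function fresh_customer(array &$session, int $now): ?string
{
    // Missing timestamps are treated as expired rather than as "never idle".
    if (!isset($session['customer_number'], $session['customer_set_at'], $session['LAST_ACTIVITY'])) {
        unset($session['customer_number'], $session['customer_set_at']);
        return null;
    }
    $idle = $now - (int) $session['LAST_ACTIVITY'];
    $age = $now - (int) $session['customer_set_at'];
    if ($idle > IDLE_LIMIT || $age > ABSOLUTE_LIMIT) {
        unset($session['customer_number'], $session['customer_set_at'], $session['LAST_ACTIVITY']);
        return null;
    }
    $session['LAST_ACTIVITY'] = $now; // activity resets the idle clock, not the hard cap
    return $session['customer_number'];
}

// Constructed demo on a plain array; in the plugin you would pass $_SESSION and time().
$s = [];
remember_customer($s, 'CUST-0001', 1000);
var_dump(fresh_customer($s, 1600)); // request 600 s after the purchase
var_dump(fresh_customer($s, 3100)); // next request after a further 1500 s of idling
var_dump(fresh_customer($s, 3101)); // a click immediately afterwards
```

PHP's `session.gc_maxlifetime` only sets when session data becomes eligible for garbage collection, which runs probabilistically, so an explicit check like this is what makes the expiry deterministic.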