We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

Logging into Manager: session vs. cookie

  • opengeek Reply #11, 18 years ago
    Quote from: Tristan at Apr 10, 2006, 07:59 PM

    I’m using a shared hosting system :’(

    I tried with smaller values (60 seconds) and it worked (after 60 seconds, I get back to the login screen). So I figured it out that it should work for bigger values ...

    Nice work Tristan. I’ll do some follow-up research and get this in the upcoming release, as a configuration option.
      Jason Coward
      Chief Architect @ MODX
      http://www.jasoncoward.com | http://twitter.com/drumshaman | https://github.com/opengeek
    • sottwell Reply #12, 18 years ago
      You may have cut everybody’s timeouts to 60 seconds...it’ll take the whole bunch of session files out when it hits the first timeout. (not all shared hosting installations are the same, YMMV).
        Studying MODX in the desert - http://sottwell.com
        Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
        Join the Slack Community - http://modx.org
        • 29354
        • 39 Posts
        Taz Reply #13, 18 years ago
        Quote from: sottwell at Apr 11, 2006, 09:22 AM
        You may have cut everybody’s timeouts to 60 seconds...

        Thanks Susan, it seems you are right again, sessions of different sites are deleted according the lowest timeout !

        I found a concrete example of how increasing session timeout at this location: http://www.captain.at/howto-php-sessions.php

        It is based on what you suggested: saving the sessions in a new directory. It explains that the garbage collector will not see them so it will not delete them. I am wondering so who will delete these files ? Are these files deleted automatically by the php_mod at the end of the session lifetime ? (meaning, is there 2 kinds of GC ?)

        I will do some tests tonight ...

        Tristan


          • 29354
          • 39 Posts
          Taz Reply #14, 18 years ago
          So I did some tests on changing the location of the session files.

          I made a first test with a subdirectory of the usual session directory: /tmp/mysession
          I did set the timeout to 1 hour, but the directory /tmp/mysession has been deleted after 20 minutes.

          Then I did a second test by moving the directory to my home directory: /home/mydir/sessions
          the session did last 1 hour, but the files are not deleted. However, since this is a site with not many hits, that does not bother me, I can delete them sometimes.

          The code I used:

                  function startCMSSession(){
            global $site_sessionname;
			
            // $sessdir = ini_get('session.save_path') . DIRECTORY_SEPARATOR . $site_sessionname;
            $sessdir = "/home/revesman/sessions";

            // need to create the directory ?
            if (!is_dir($sessdir)) {
                mkdir($sessdir, 0777);
            }
            ini_set('session.save_path', $sessdir);
			
            $timeout = 86400; // 86400 sec = 24 hours 
			
            session_set_cookie_params($timeout, "/");
            ini_set('session.gc_maxlifetime', $timeout + 600);  // security of 10 minutes

            session_name($site_sessionname);	
            session_start();
        }


          Tristan

          • sottwell Reply #15, 18 years ago
            When I did this for a client, I made up a new Manager item to provide a "Clear sessions" menu option next to the site refresh menu option. Clicking on the option deleted the files more than 24 hours old. It would be much easier now to make a module for that, since with a module you wouldn’t have to hack the Manager code!

            Or, a plugin would do the trick, using a simple random number generator to determine when to check and remove stale session files automatically.

            The plugin fires at every page request, generating a random number. If the number equals an arbitrary number you’ve set in the code, then it runs the garbage collection, checking the directory you are using and deleting files older than the amount of time you specify. Depending on how busy your site is, you can change the span for the random number generator, making it a greater or lesser of a chance of "the" number being generated.
              Studying MODX in the desert - http://sottwell.com
              Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
              Join the Slack Community - http://modx.org