osCommerce: How to increase session lifetime
Published: Sunday, 11 November 2012 16:17       Written by Ogri

Upd: Русская версия статьи: osCommerce: Как увеличить время длительности сессии.

The default session duration in OSC is 1440 seconds (24 minutes). There is the following code snippet in the file /includes/functions/sessions.php:

if (STORE_SESSIONS == 'mysql') {
    if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) {
        $SESS_LIFE = 1440;
    }
//--------- More code... -----------
}

The first line indicates that the session must be stored in a database. An appropriate parameter in the file configure.php should be assigned like this:

define('STORE_SESSIONS', 'mysql');

2nd line: get_cfg_var function extracts session length from the php.ini. You can edit it by changing a value of the parameter session.gc_maxlifetime from 1440 to a different one. I set 2400 seconds (40 minutes). Here is a piece of php.ini:

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 2400

Bear in mind that the change of session.gc_maxlifetime parameter will alter the value of session duration in the entire scope of the php.ini on the server. If you do not want to change it that globally - edit the above code in sessions.php:

  1. Remove or comment out the 2nd and 4th lines. This will disable the check of session.gc_maxlifetime setting in the PHP server configuration.
  2. In the third line, change the $SESS_LIFE value from 1440 to the desired - for example, to that same 2400.

The resulting code is:

if (STORE_SESSIONS == 'mysql') {
    $SESS_LIFE = 2400;
//--------- More code... -----------
}

Session timeout is now increased locally - only for our OSC project.
 

Notes:

1. If you close the browser - the session will get closed as well.

2. For safety reasons, do not set the session to be too long. 3600 seconds (60 minutes) is the upper limit of safety.

3. You can control the session lifetime for the front-end separately from the one for an administrative service by editing individually /includes/functions/sessions.php and /admin/includes/functions/sessions.php files respectively.

Add comment