Need help with session timeouts

[techmatters]

The session length on our server (virtual hosted) is 24 minutes, and we have noticed that this has caused problems to some sloooowww shoppers who have had their carts go AWOL during the checkout. I also believe it may be related to missing orders from some paypal transactions (only a very few). However small, a missing order is costly and the client is seeking an explanation as to why. Fair enough too.

I approached our hosting company to extend the session time out period but I was given this "advice":

Quote:

Session garbage collection takes place by default on the server every 24 minutes. This means any sessions stored in the default location will have their data removed at this stage. If this is insufficient to you, you can try saving your session data into a different location by setting session.save_path, or alternatively save your session data to a database heap table. This would also allow you better tracking of orders, as it is easier to interface to a database than to a heap of session data files stored on disk in a volatile location.

Unfortunately this doesn't mean a lot to me as I know nothing about server admin and am self-taught PHP and MySQL

Now my session files are already held in mysql
define('STORE_SESSIONS', 'mysql');

I also have the following settings under configuration in admin:

Session Directory - /tmp (by the way, this directory does exist)
Force Cookie Use - False
Check SSL Session ID - False
Check User Agent - False
Check IP Address - False
Prevent Spider Sessions - True
Recreate Session - True

Is there anything that I can actually do to solve this problem within the realms of OscMAX. How can I stop losing session info after 24 minutes even when my session data is already stored in MySQL? (or at least I think it is)

Any help gladly received.

Janet

[jpf]

If you have access to your own php.ini file on the server (not in the standard directories that you normally host your file in).

Look for and modify:
session.gc_maxlifetime = 1440
(24min x 60sec)

Change to a higher number like 3600 (60min) but not more....

If you don't have access and your host will not change it for you then there is nothing you can do other than have your customer "refresh" or navigate though your site every 20 mins.

Good luck

[techmatters]

Thanks jpf.
As I am on a shared server I do not have access to php.ini. I am happy to tackle the tech support people at the hosting company and push them to increase the time, however, I'm not sure how to "intelligently" respond to the earlier advice given from the hosting company, because according to them I just need to change the place where I store session data to solve the problem. I would appreciate if you could comment on their response and give me a convincing argument why that won't work (so I can convince them, not me).

[jpf]

First of all check via FTP all directories to see if you do have a php*.ini file - some shaired hosts are like a virtual host where you have your own php.ini and you can make changes (also good for changing the "register_globals = Off" to "register_globals = On" as required for MS2 and Max). However not all are like that and not all allow changes. Maybe moving hosting company to one that is more flexable (maybe like AABOX or Future Point).

[techmatters]

OK I have solved this problem and post it here for anyone else who may be suffering the same issue.
There IS a way to solve this within oscMAx without having to change server settings. The answer is in the sessions.php file (includes/functions/sessions.php), where we find the code specifically setting the session lifetime to 24 minutes (1440 seconds), for sessions stored in mysql.

Look for this code:

Code:

  if (STORE_SESSIONS == 'mysql') {
    if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) {
      $SESS_LIFE = 1440;  
    }

Simply remove the 'if' statement and set the $SESS_LIFE to an appropriate number (in seconds), but as jpf suggested less than 60 minutes.

Like this:

Code:

  if (STORE_SESSIONS == 'mysql') {
          $SESS_LIFE = 3000;   //set to 50 minutes

You can do the same for the sessions.php in the admin folder.
Of course you need to have STORE_SESSIONS set to 'mysql' in both of the configure.php files.

This has helped us solve what was becoming a serious problem of expiring sessions during checkout, particularly when using the Paypal IPN. By the time some people fiddled around on the Paypal site, their session had expired, which resulted in money being taken in Paypal, but no record of the order on our site. Very embarrassing.

However we are now all smiles There was a solution after all.

[michael_s]

Great solution. Sticky now...

[mag]

look

Code:

  if (STORE_SESSIONS == 'mysql') {
    if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime+1560')) {
      $SESS_LIFE = 1440;  
    }

it´s not correct ??

its the same as ??

Code:

  if (STORE_SESSIONS == 'mysql') {
          $SESS_LIFE = 3000;  
    }