Moodle in English: Session Timeouts

Session Timeouts

by Paul Norrod - Tuesday, February 10, 2004, 12:37 AM

Everything is peachy with my moodle site except that I and my students (all at home on different ISPs) are forced to log back in after a short period of inactivity - it is hard to say how long - perhaps 15 minutes or so and a login is required again.

Secure forms is set to NO and I have run the session test script in moodle and it says sessions are working properly.

I jacked the session lifetime up to 4 hours in the variables page in moodle and with the php_value session.gc_maxlifetime 14400 in the .htaccess file (in my public_html directory - where the webserver looks, not my moodle .htaccess). Looking at phpinfo shows 14400. No dice, however - problem still exists.

I am wondering if the problem has to do with the exact domain name I am using. If I look at my HTTP_HOST varaible in phpinfo, it says mydomain.com. The SERVER_NAME variable is www.mydomain.com, however.

In my redirect to my Moodle site in my .htaccess in my public_html directory, I have:

Redirect permanent /index.htm http://www.mydomain.com/moodle/index.php

and in the config.php file for Moodle, I have:

$CFG->wwwroot = 'http://www.mydomain.com/moodle';

I am stumped as to what could be going on. It does not make a difference if the student or I log on with www.mydomain.com or mydomain.com - the session still times out quickly.

I know there have been posts about this type of problem in the past. I have read them, but was not able to solve my problem based on those discussions.

Any ideas would be greatly appreciated. Thanks!

Re: Session Timeouts

by Martin Dougiamas - Tuesday, February 10, 2004, 8:02 PM

I've seen some flaky behaviour with this stuff in the past year ... I think something has happened in PHP to make it not work properly.

The only sure-fire way I know is the change session.gc_maxlifetime in php.ini (for the whole server).

Since this is easy for me I haven't yet had a chance yet to look closer into the cause of local settings being ignored ... it would be great if someone could come up with something definitive about this.

Average of ratings: -

Re: Session Timeouts

by Gearoid Griffin - Tuesday, February 10, 2004, 8:56 PM

Hi, I read on php.net that this is quite flaky (specially on windows servers) and it was flagged as a bug recently enough but Im still trying to find where I found that.
on bugs.php.net
And an interesting conversation between Zeev and Rasmus about it

But I came up with a slightly different solution.
Basically I had slightly different requirements I needed reauthenication at particular times.
So I added an external function that examined the logged in time, got the current time, added an amount of time that was predefined per course + a random time for randomicity (is that a word?) So then if the random time was less than the current time, unset part of the session and it would bomb out to the login screen then after i reauth off i go again. If thats any help let me know and I will get back to you.
Cheers
Gearóid

Average of ratings: -

Re: Session Timeouts

by Paul Norrod - Wednesday, February 11, 2004, 12:03 AM

Martin and Gearoid, thank you for your replies. Apparently I don't have anything setup wrong, it just does not work properly. My host is running RedHat Linux, Apache 1.3.29, and PHP 4.3.4, so there is nothing "Windowish" about any of the software.

My webhost is in the process of implementing something called suPHP that allows the Apache PHP process to run as the same user as the hosting account. So, instead of running as "Nobody", it would be running as "MyAccountName". This is to eliminate the need to 777 data directories (755 will be the new "highest" permission setting) and for the webhost to better identify those who are running "wild" applications.

The reason all of this relates to my problem is that after suPHP, PHP directives in the .htaccess files will not be allowed. Instead, I will be able to include my own php.ini file in my web space with any overides to the main php.ini. Perhaps that will solve the session problem - time will tell.

My webhost will be converting my server to suPHP in a few weeks, so I think I will live with the problem (I don't have any choice anyway) until I try the php.ini solution.

Gearoid, you solution sounds way over my technical head, but if the suPHP thing does not work, then I will be contacting you.

Thanks again to both of you for offereing advice and help.

Average of ratings: -

General help

Session Timeouts