Problem with the session

Pending
Advanced Security - PHP Register/Login System Advanced Security - PHP Register/Login System August 10, 2020
Login to reply
Milos Stojanovic Support Agent
4 years ago

Hey Eduardo,

The reason why sessions expire so quickly for some users can be one of the following:

1) Their IP is changing frequently and you have LOGIN_FINGERPRINT set to true in your ASConfig.php file.

To fix this set LOGIN_FINGERPRINT to false. You can learn more about this parameter here: https://milos.support-hub.io/articles/advanced-security-configuration#login-configuration

2) The session files are being deleted by your server before they expire.

You can fix this by updating the folder where session files are being stored. It can be any writable folder on your server and it's important that it cannot be accessed from the browser (via HTTP).

For example, if you have AS within the root of your public_html folder (assuming that this public_html folder is your server's root folder) then you can create a new folder on the same level as public_html folder (which means that it won't be accessible via HTTP since it won't be within the public_html folder) and then update the ASSession.php file to tell PHP that session files for the app should be stored in that newly created folder.

Let's say that you name that folder "as_sessions", and that AS script is uploaded directly in your public_html folder. Then you should update the ASSession::startSession method to look like the following:

public static function startSession()
{
    ini_set('session.use_only_cookies', SESSION_USE_ONLY_COOKIES);
    
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params(
        $cookieParams["lifetime"],
        $cookieParams["path"],
        $cookieParams["domain"],
        SESSION_SECURE,
        SESSION_HTTP_ONLY
    );
    session_save_path(__DIR__ . '/../../as_sessions');     session_start(); }

Regards,
Milos

Eduardo Paredes
4 years ago

- Igetsomeone with login to index page, acording to the role redirect to other page, and some people say csrf error for the session and they have to login again please help, I change the ASSESSION.php to 14400 set value, what else i cando for the session ?? THANKS