• Content
  • Comments (0)
  • Related articles
Apr
17
2013

OpenCart – How do you increase the session timeout Wednesday, 17 April 2013

Currently the session timeout in OpenCart is set to 1440 seconds, which is sever standard setup at least on my host server. I was wondering if there is something special to do about this so i can increase the timeout session, since the usual ways seem to not work for Opencart. Usual ways meaning editing .htaccess and php.ini files, all modifications we made didn’t pay off:

The following .htaccess modifications ( except for session.cookie_lifetime ) are shown in phpinfo () but have no effect on Opencart session:

php_value session.cookie_lifetime 86400
php_value session.gc_maxlifetime 86400
php_value session.cache_expire 180

The following php.ini modifications have no effect at all and are not shown in phpinfo ():

session.cookie_lifetime 86400;
session.gc_maxlifetime 86400;
session.cache_expire 180;

But digging further into OpenCart structure,  /public_html/system/library/session.php caught our attention. The orginal file looks like this:

<?php
class Session {
    public $data = array();

      public function __construct() {        
        if (!session_id()) {
            ini_set('session.use_cookies', 'On');
            ini_set('session.use_trans_sid', 'Off');

            session_set_cookie_params(0, '/');
            session_start();
        }

        $this->data =& $_SESSION;
    }

    function getId() {
        return session_id();
    }
}
?>

So, since .htaccess and php.ini doesn’t affect the session timeout we tried to impose same settings via OpenCart’s session.php as follows:

<?php
class Session {
    public $data = array();

      public function __construct() {        
        if (!session_id()) {
            ini_set('session.use_cookies', 'On');
            ini_set('session.use_trans_sid', 'Off');

            /* Q-mod -- session extend */
            session_set_cookie_params(86400, '/');
            ini_set('session.cache_expire', '180');
            ini_set('session.gc_maxlifetime', '86400');
            ini_set('session.save_path','/your_path/public_html/sessions');

            session_start();
        }

        $this->data =& $_SESSION;
    }

    function getId() {
        return session_id();
    }
}
?>

In order for those modifications to work is important to create your own session storage folder, we added this folder in the root folder of our OpenCart installation  [/public_html/sessions]. After creating the folder make sure you set full read-write-execute access by setting atributes to 777.

So far so good, refreshing the pages and checking the phpinfo () shows that the settings are applied. Next step was to login to Opechart Admin and wait 30min without doing nothing to see if session ends after those 24min of default limit. Joy allover, since we imposed 86400 seconds (24 hours) for cookies and session time, and 180 minutes for cache (this is less considering that over time, if the server traffic is high, you can experience load and lag issues, you can adjust according with your site traffic) we need it to way few hours to see if really works. Again everything worked as expected, no auto logoff ocurred, not even after closing and reopening the browser (since the value for session.cookie_lifetime is not 0 (zero) – clear when browser is closed).

Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 86400 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 86400 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /your_path/public_html/sessions /tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies On On
session.use_trans_sid Off 0

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*