Related site is: tcg-wallet.ga
i am getting a cookies “__test” mentioned in this post: Browser complains about cookie "__test"
I have reset my session with a duration of: 2678400; so that the user session lasts approximately 30 days.
the problem is that the session does not last a single day.
When verifying that the session cookies are used to send the requests, I see that “_test” is being used instead of the cookie programmed for the session.
Can you please share the code you are using to set a session? The “_test” cookie is used by the system if you are using InfinityFree nameservers. It does not cause issues with sessions as far as I am aware.
this is my session class:
i am implement in index.php next route call to initSession() method to check is $_SESSION exists, if not … is because the session is lost or not exists… it create the initial session for the web page … .
only if the user is logged in, then I create and update the data inside the $_SESSION variable to indicate that the user is logged in, throughout the application.
So I don’t understand why the $_SESSION variable dies before its time… yes, as indicated, it is not affected by the cookies, but it is verified… the “__test” cookie is the one that is executed when closing and loading again the page… if the cookie that initializes the request is not the same one that was created to hold the session then the server side variable $_SESSION will not be loaded…
The __test cookie is not a session cookie. It’s a cookie set by our system and you cannot modify it. It doesn’t affect any other cookies you may have, including any PHP session cookies. A website can pretty much have as many cookies as you want. And a cookie with one name has no effects on a cookie with another name, they are completely separate.
The checks in initSession seem a bit irrelevant to me though. The session_start() function must always be called to start or resume a session. So you always need to call this function before you can use any session parameters.
The other code oddity I see is that you set the lifetime of the second cookie to a certain duration plus the current timestamp. But the parameter means “how long should the cookie be valid”, not “until when should the cookie be valid”. So adding the time() to your configuration value is why you get the extremely long validity on the cookie.
One thing to note is that while PHP will let you set an arbitrarily long duration for session cookies, the corresponding server files may get cleaned up sooner than that. It’s entirely possible that the server will indiscriminately delete old sessions regardless of your settings.
If you want to guarantee that state information is stored for a long time, you shouldn’t rely on session storage which is fairly lossy by design. Instead, you could set your own cookie with a token value, which you can then associate with other information in your database. That’s also how most “Remember Me” functions work.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.
