OWASP / phpsec

OWASP PHP Security Project - THIS PROJECT IS INACTIVE AND MAY CONTAIN SECURITY FLAWS

Session expires even when user is active #78

Closed rash805115 closed 10 years ago

rash805115 commented 10 years ago

While doing RNJ, I noticed that session expires after 30 min, even if the user is active. 30 min is the inactivity time.

When I backtraced this, I found that inactivity time is calculated by the time that the session cookie was created. Now, every time the user is doing something, the initial time is not changed, hence after every 30 min, the session expires.

Solution: In the session database, we have to keep updating "last_activity" whenever we get any request from user.

rash805115 commented 10 years ago

PS: Refreshing the cookie is not an option because then we won't be able to tell when the session must "age" which by default is 1 week.
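The two clocks described in the report above (a 30-minute inactivity window and a 1-week absolute age), as an added example that is not part of the thread and not phpsec's own code. The function names and the `created_at` column are hypothetical, and the session row is a plain array standing in for the session database.

```php
<?php
declare(strict_types=1);

// Added example; names below are hypothetical, not phpsec's API.
const INACTIVITY_LIMIT = 30 * 60;        // 30 min idle timeout (from the issue)
const MAX_AGE = 7 * 24 * 60 * 60;        // 1 week absolute "age" (from the issue)

// Behaviour reported in the issue: idle time measured from creation.
function isExpiredBuggy(array $row, int $now): bool
{
    return ($now - $row['created_at']) > INACTIVITY_LIMIT;
}

// Proposed behaviour: two independent clocks in the session row.
// Returns 'ok', 'idle' or 'aged'; on 'ok' it records the request time.
function touchSession(array &$row, int $now): string
{
    if (($now - $row['created_at']) > MAX_AGE) {
        return 'aged';                   // absolute lifetime, never extended
    }
    if (($now - $row['last_activity']) > INACTIVITY_LIMIT) {
        return 'idle';                   // no request within the idle window
    }
    $row['last_activity'] = $now;        // sliding window moves, created_at does not
    return 'ok';
}

// Constructed sample: a user sending one request every 10 minutes.
$start = 1382800000; // constructed timestamp
$row = ['created_at' => $start, 'last_activity' => $start];

foreach ([10, 20, 30, 40] as $minute) {
    $now = $start + $minute * 60;
    printf("t+%2dmin buggy_expired=%s fixed=%s\n",
        $minute,
        isExpiredBuggy($row, $now) ? 'yes' : 'no',
        touchSession($row, $now));
}

// Constructed case: 31 minutes of silence after the last request.
echo touchSession($row, $start + 71 * 60), "\n";

// Constructed case: recent activity, but more than one week since creation.
$old = ['created_at' => $start, 'last_activity' => $start + MAX_AGE];
echo touchSession($old, $start + MAX_AGE + 60), "\n";
```

Because the age check reads only `created_at`, updating `last_activity` on every request never extends the one-week lifetime, which is the constraint raised in the PS.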

paulocmguerreiro commented 10 years ago

Have you fixed it already? Or can I have a look at it?

rash805115 commented 10 years ago

No, I haven't fixed it.

On Sat, Oct 26, 2013 at 6:33 PM, Paulo Guerreiro notifications@github.com wrote:

> Have you fixed it already? Or can I have a look at it?


mebjas commented 10 years ago

I guess you have solved this issue @rash805115