[thelist] php session variable needs to persist

Juha Suni juha.suni at ilmiantajat.fi
Wed Nov 9 08:46:26 CST 2005 

Garth Hagerman wrote:
> I've got a  system using sessions
> which tracks the original referrerr as the visitor moves around the
> site just fine, but when they leave the site to go to Paypal and then
> come back to the "thanks for your order" page, the sessions data has
> been lost.  Is there a simple way to get the session data to persist?
> Or, do I need to write the referrer to a database and then query the
> db from the thanks page?

Even after reading other peoples posts about this subject, it still seems 
people make it more complicated than it is.

Under normal circumstances leaving your site and coming back a bit later 
(with the same browser window etc) should not break the session at all. I 
just tested this with two sites on different domains and servers, and 
bouncing between them causes no problems; They both remember their own 
sessions perfectly well (Why wouldn't they, the browser still has the cookie 
which it deals out as necessary since the window has not been closed).

Even if this would break the session in the same way that closing a window 
does, it could easily be overcome. PHP Sessions default their 
cookie-lifetimes to 0 (meaning that browser clears these cookies on close 
and therefore can no longer provide the session id), but this can be changed 
to be a specified time. (for example using session_set_cookie_params(900) 
before calling for session_start()). This way, even if the window was 
closed, the browser would remember the cookie with the session id, and hence 
the session would be remembered if the user came back within 15 minutes. 
This is also tested [1].

I just wanted to point out that you dont need to go the route of manually 
setting up cookies since the PHP sessions already support their use and 
parameters rather well.

Considering the above, I think there is something else going wrong if the 
session is not staying alive as it should.

[1] Note that if the session_cookie_lifetime is increased beyond garbage 
collection limits (default on apache is 24 minutes I think) then the garbage 
collection rules need to be modified too in order for the session to stay 
alive that long. Otherwise even if the cookie still exists in the browser, 
the actual session data from the server might have been purged.

HTH

-- 
Suni

More information about the thelist mailing list