Auth0 Home Blog Docs

Timeout using PHP Library and Lock

lock
timeout
timeout-error
php

#1

I’ve been using Lock for quite some time now, along with the PHP SDK and it has been reported that there is an issue with users being logged out after less than 30 minutes regardless of the session timeout being set to 36,000 seconds.

Is there anywhere else that timeouts are set that could be causing this?


#2

To my knowledge the SDK just delegates to the session store you want to use (PHP session is the default) so the issue should not be related to the SDK itself as I could not find any possibly logic at the SDK level that could impact the expiration you configured.

Given this highly depends on how you configured your application you may want to update the question with more information.


#3

I wasted at least a day on this.

Modifying values in the script via ini_set looks like it works when you output information via phpinfo but the php session was still lost after 30 minutes of inactivity.

You need to modify the godaddy php.ini file to get this working

The values you need to set are described in StackOverflow: How do I expire a PHP session after 30 minutes?

What it doesn’t discuss is that in a shared hosting environment your php.ini might be incorrectly set to /tmp and other PHP instances might be running with garbage collection and deleting your files, or some other rogue process is deleting files. GoDaddy’s documentation says files are deleted after 7 days in /tmp.

You need to change session.save_path to something within your control, e.g:

session.save_path=/home//tmp

Step 0.

Have a debug page with a call to phpinfo() in it, you might also want to debug $_SESSION variables as well.

I also dump out some other useful debug information into that debug table:

<tr>  
  <td class="e">session_save_path
  </td> 
  <td class="v">
    <?=session_save_path()?>
  </td> 
</tr> 
<tr> 
  <td class="e">session.auto_start
  </td> 
  <td class="v">
    <?=ini_get('session.auto_start')?>
  </td> 
</tr> 
<tr> 
  <td class="e">session.gc_maxlifetime
  </td> 
  <td class="v">
    <?=ini_get('session.gc_maxlifetime')?>
  </td> 
</tr> 
<tr> 
  <td class="e">session.gc_probability
  </td> 
  <td class="v">
    <?=ini_get('session.gc_probability')?>
  </td> 
</tr> 
<tr> 
  <td class="e">session.gc_divisor
  </td> 
  <td class="v">
    <?=ini_get('session.gc_divisor')?>
  </td> 
</tr> 
<tr> 
  <td class="e">memory_limit
  </td> 
  <td class="v">
    <?=ini_get('memory_limit')?>
  </td> 
</tr> 
<tr> 
  <td class="e">session.cookie_lifetime
  </td> 
  <td class="v">
    <?=ini_get('session.cookie_lifetime')?>
  </td> 
</tr>

Step 1.

Check where the php.ini file should go., I will not describe how to determine which service type you have, just try every location if you can’t figure it out.

Note: the Loaded Configuration File and Additional .ini files parsed values that phpinfo() show before you provide your own php.ini are not the locations where you should be uploading the file.

Step 2.

Rerun you script from Step 0. and see if the session.gc_maxlifetime has changed.

Trouble Shooting

After making the change and reading the php.ini/.user.ini Changes Not Taking Effect documentation - it was still not working.

This was the point where I rang support who told me for the cPanel version needed to be in /public_html, and to prove them wrong I reloaded my Step 0. file - and the values were now updated.

So I expect that you may need to wait 5 to 10 minutes before the changes take effect.


#4