
session timeout time - set by server?


I'm playing around with a zen-cart, and I'd like to have it so that a customer's session doesn't expire after 24 mins, which appears to be the default.

After googling and hoking the zen-cart website it doesn't seem anyone has an answer to this (plenty of answers on how to change the Admin logout session time - I want people using the actual site to have longer sessions). I guess it's probably a security thing, none the less, I've looked into it now and can't figure out the code:

if (IS_ADMIN_FLAG === true) {
    if (!$SESS_LIFE = (SESSION_TIMEOUT_ADMIN > 900 ? 900 : SESSION_TIMEOUT_ADMIN)) {
      $SESS_LIFE = (SESSION_TIMEOUT_ADMIN > 900 ? 900 : SESSION_TIMEOUT_ADMIN);
    }
} else {
    if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) {
      $SESS_LIFE = 1440;
    }
}

I've tried changing the 1440 to 86400 (a day) but that didn't seem to work. I'm not completely sure what the line

if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) {

does with that ! and only one = after. I guess this is the problem? Can anyone enlighten me?


Solution

  • if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) {
        $SESS_LIFE = 1440;
    }
    

    This gets the value of session.gc_maxlifetime from the runtime-configuration, and sets it as $SESS_LIFE.

    If the value of $SESS_LIFE is zero, it executes $SESS_LIFE = 1440;


    Change this timeout inside: php.ini or using

    ini_set('session.gc_maxlifetime', 86400);
    

    Or in your .htaccess, you can add the lines:

    php_value session.gc_maxlifetime 86400
    

    Reference: get_cfg_var,
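
The following is an added example, not part of the original question or answer and not Zen Cart code. It reproduces the assign-then-test idiom from the snippet and prints what `get_cfg_var()` and `ini_get()` each report after an `ini_set()` call: `get_cfg_var()` returns only the value from the loaded php.ini, so a runtime override is visible through `ini_get()` but not through the call the snippet uses. The function `resolve_session_life()` and its `$maxAllowed` upper bound are hypothetical names introduced for illustration.

```php
<?php
// Added example (not Zen Cart code): resolves a storefront session lifetime
// the way the snippet above does, and shows which setting each call reads.

/**
 * Mirrors `if (!$SESS_LIFE = get_cfg_var(...)) { $SESS_LIFE = 1440; }`:
 * assign first, then test the assigned value for falsiness.
 * $maxAllowed is a hypothetical upper bound, not a Zen Cart setting.
 */
function resolve_session_life($configured, int $fallback = 1440, int $maxAllowed = 86400): int
{
    // `!$life = $configured` parses as `!($life = $configured)`.
    if (!$life = $configured) {
        // Reached for false (option not in php.ini), "", "0", 0 or null.
        $life = $fallback;
    }
    // Clamp so a misconfigured value cannot keep sessions alive indefinitely.
    return max(1, min((int) $life, $maxAllowed));
}

// get_cfg_var() reads the value from the loaded php.ini only.
$fromFile = get_cfg_var('session.gc_maxlifetime');

// ini_set() changes the runtime value, which ini_get() reports.
// Called before any output so the session setting can still be changed.
ini_set('session.gc_maxlifetime', '86400');
$atRuntime = ini_get('session.gc_maxlifetime');

printf("php.ini value (get_cfg_var): %s\n", var_export($fromFile, true));
printf("runtime value (ini_get):     %s\n", var_export($atRuntime, true));
printf("from get_cfg_var: %d\n", resolve_session_life($fromFile));
printf("from ini_get:     %d\n", resolve_session_life($atRuntime));

// Constructed inputs showing the fallback and the clamp.
foreach ([false, '0', '', '1440', '604800'] as $sample) {
    printf("%-10s => %d\n", var_export($sample, true), resolve_session_life($sample));
}
```

Run it with the PHP CLI; the first two lines of output differ whenever the php.ini value is not 86400, which is the case the question describes.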