Page 1 of 1
Posted: Sun Nov 24, 2002 5:32 am
What should the session length be set to?
Posted: Sun Nov 24, 2002 5:38 am
I keep mine set to 900 (seconds). If you have high traffic, you can reduce the possibility of getting your sessions table filled up again by going to a lower amount, like 60 (one minute), but that puts a slightly higher drain on the server and database, as it is having to do more processing to clear out rows and whatnot.
There shouldn't be anything wrong with just using the default of 900 though, unless you want the time to be reported more accurately, then just lower the number to whatever you consider reasonable.
Posted: Sun Nov 24, 2002 5:39 am
so do you think it being set to 6000 might have been the problem?
Posted: Sun Nov 24, 2002 5:47 am
Well, that's 100 minutes, which is kind of overboard. I would definitely knock that down if I were you.
Basically, session length is the answer to the following questions:
"How long am I going to stay logged in if I don't select [keep me logged in]?"
"To how many seconds is the 'Who's Online' feature accurate?"
Those really don't need to be any longer than 5, 10, or 15 minutes at most really, unless you have people that absolutely refuse to let phpBB set a cookie, and even then it's not going to be too inconvenient, as the session time renews every time they click on a link (as I explained in the other thread). So, if the session length is 10 minutes, it will log them out after 10 minutes of sitting idle. If they log in, are idle for 2 minutes, then click a link, they've got another 10 minutes before they're timed out.
Posted: Sun Nov 24, 2002 5:49 am
yeah, I set that when I first set it up, and didnt really know what it was for. How do you know so much about this stuff if youre a new user? Or are you?
Posted: Sun Nov 24, 2002 5:51 am
I'm not really a new user, I just don't post here much.
I've been using phpBB for awhile now and I've modified my own enough (without the use of any third-party mods) that I've gotten to understand it pretty well.
Posted: Sun Nov 24, 2002 9:57 am
it is neither necessary nor recommended to use significantly higher values than 3600 (default), because this might constitute a security risk for users who login from "public" computers.