User session timeout

[fakeDecoy]

My webhost just upgraded my server from PHP 5.3 to 5.5. I lost the custom php.ini file I had been using. Something in that file was forcing sessions to last a long time, and I can't figure out what it was. I want it back. Now every user times out after 24 minutes, which is costing me a ton of sales, because of the nature of my site is such that users often take hours or days to purchase.

I tried switching my PHP version back to 5.3 and using a .user.ini file with the below value. I ran a phpinfo and I see that this is set to 172800 as the "local" value, but the "master" value is 1440.

Code:

session.gc_maxlifetime = 172800

Is the problem that the "master" value is 1440? Is there another setting I need to change?

[kobra]

No the local value overrides the server set value

[fakeDecoy]

No the local value overrides the server set value

What do you suggest could be the problem? Maybe there's something else in php.ini?

This is a copy and paste from the line of my phpinfo display. The first number is local value, the second is master value. My sessions are timing out after 24 mins. Why?

session.gc_maxlifetime 172800 1440

[fakeDecoy]

Also, I ran admin/server_info.php, and the session settings it's showing there are different than the output from a script running phpinfo() in my zencart catalog (running PHP via an ezpage hack). In the admin, my sessions last indefinitely, as long as my browser session. That's how I want it to work. So I just need to make the rest of zc like the admin.
Is there any particular setting that stands out? The local values of session.gc_maxlifetime is already acceptably high for both.



Here they are, both PHP 5.3, domain name redacted:

from zc admin:

Code:

Directive	Local Value	Master Value
session.auto_start	Off	Off
session.bug_compat_42	On	On
session.bug_compat_warn	On	On
session.cache_expire	180	180
session.cache_limiter	nocache	nocache
session.cookie_domain	.www.mydomain.com	no value
session.cookie_httponly	On	Off
session.cookie_lifetime	0	0
session.cookie_path	/sysop	/
session.cookie_secure	Off	Off
session.entropy_file	no value	no value
session.entropy_length	0	0
session.gc_divisor	2	100
session.gc_maxlifetime	99999	1440
session.gc_probability	1	1
session.hash_bits_per_character	4	4
session.hash_function	0	0
session.name	zenAdminID	PHPSESSID
session.referer_check	no value	no value
session.save_handler	user	files
session.save_path	/home/mystore/public_html/cache	/tmp
session.serialize_handler	php	php
session.use_cookies	On	On
session.use_only_cookies	On	On
session.use_trans_sid	0	0

and from zc catalog:

Code:

Directive	Local Value	Master Value
session.auto_start	Off	Off
session.bug_compat_42	On	On
session.bug_compat_warn	On	On
session.cache_expire	180	180
session.cache_limiter	nocache	nocache
session.cookie_domain	.www.mydomain.com	no value
session.cookie_httponly	On	Off
session.cookie_lifetime	0	0
session.cookie_path	/	/
session.cookie_secure	Off	Off
session.entropy_file	no value	no value
session.entropy_length	0	0
session.gc_divisor	2	100
session.gc_maxlifetime	172300	1440
session.gc_probability	1	1
session.hash_bits_per_character	4	4
session.hash_function	0	0
session.name	zenid	PHPSESSID
session.referer_check	no value	no value
session.save_handler	user	files
session.save_path	/home/mystore/public_html/cache	/tmp
session.serialize_handler	php	php
session.use_cookies	On	On
session.use_only_cookies	On	On
session.use_trans_sid	0	0

[mc12345678]

Wish I could readily find/remember what changes are necessary, but you say that the nature of your site results in customers taking an extended time to purchase. Is the time involved in manipulating the product and info to get the product to the cart, or in "deciding" to purchase what is in the cart?

If the later, then if the customers were logged in (forced?) then items in their cart would remain with them and not lost...

Perhaps with the business need further described the assistance needed to make this happen (or perhaps a better method) will be provided?

[fakeDecoy]

Wish I could readily find/remember what changes are necessary, but you say that the nature of your site results in customers taking an extended time to purchase. Is the time involved in manipulating the product and info to get the product to the cart, or in "deciding" to purchase what is in the cart?

If the later, then if the customers were logged in (forced?) then items in their cart would remain with them and not lost...

Perhaps with the business need further described the assistance needed to make this happen (or perhaps a better method) will be provided?

They could buy quick, but the average order value is high enough that they shop around a bit. Finally they learn my prices are the lowest, create an account, and pull the trigger. A session lasting a full day would be good enough to catch the people who shop in the morning and come back in the evening, but indefinitely would be better. Heck, maybe the admin only lasts a day if that 99999 seconds is right. I work in the admin so often that maybe I rarely have a chance to test that.

People at this point generally know they need to log in to save their cart, but sometimes they are shopping around or get busy at work, and their cart still waiting for them on a temp session will save some frustration and abandonment.

I know on Amazon my cart is always there for days and days, as on other sites, so let's not pretend that this deal with carts expiring after 24 mins is the standard. I need to log in again on Amazon, but it still has my cart waiting before I even log in. I guess that's a distinction I haven't made. I'm ok with forcing a login again after a few hours, but the cart should last much longer even without logging in.

[lat9]

You could also try the "Keep Cart" (https://www.zen-cart.com/downloads.php?do=file&id=992) plugin, which stores the customer's cart in a cookie.

[RescoCCC]

If you look at your includes/functions/sessions.php file, you'll find this line:

$SESS_LIFE = 1440;