Does a Javascript alert popup extend the PHP session?

Question

In an attempt to handle expiring PHP sessions more gracefully, I have inserted the following in my PHP code:

$sessionLifeTimeInSeconds = ini_get ("session.gc_maxlifetime");
echo '<script type="text/javascript">' . "\n" .
     '  setTimeout (function () {' . "\n" .
     '    alert ("Your login session will expire in 3 minutes.");' .
     "\n" .
     '  }, ' . ($sessionLifeTimeInSeconds - 180) * 1000 . ');' . "\n" .
     '</script>' . "\n\n";

Which works. However, now I notice that after clicking the 'OK' button on the javascript alert and no further activity whatsoever, the session does not expire when the timeout (the default 24 minutes in this case) has been reached.

Should the alert popup box extend the session? If so, can this be avoided and if so, how?

I'm using Firefox 44.0 on Ubuntu Linux, if that's relevant at all.

Answer 1

The popup box does not extend the session because the session is hold by the server for 24 minutes and only extends if there is an interaction with the server.

Try to do a server call via javascript in your javascript function to extend the php session, for example an AJAX Call to the root:

$sessionLifeTimeInSeconds = ini_get ("session.gc_maxlifetime");
echo '<script type="text/javascript">' . "\n" .
    '  setTimeout (function () {' . "\n" .
    '    alert ("Your login session will expire in 3 minutes.");' .
    '    xhttp.open("GET", "/", true);' .
    '    xhttp.send()' .
    "\n" .
    '  }, ' . ($sessionLifeTimeInSeconds - 180) * 1000 . ');' . "\n" .
    '</script>' . "\n\n";