by default, the session cookies lifetime is 0.
the browser interprets that as "hold onto this cookie until the browser is closed"
you can change that with session.cookie_lifetime
the default gc_maxlifetime is 1440 seconds. what that means is if the session file has not been modified in the last 1440 seconds(every time you start/continue a session, the file is modified even if the session vars dont change), that IF the session garbage collection 'is started', it will delete it.
the possibility that the garbage collection is started is determined by
session.gc_probability
session.gc_dividend
if the probability is 1, and the divisor is 100, then there is a
1/100 chance (1%) on each request, that garbage collection process will be started.
since its only a 1% chance, the session file could stay there for a very long time after 1440 seconds.
if you set the divisor to 1, and probability to 1, then garage collection would be started EVERY page request, (which isnt good performance wise).
you need to keep in mind though, if your on shared hosting, and your session files are in the same directory as the possibly 100 other websites on the same server, your session files will need to survive whatever settings the other websites are using too.
so you would most likely want to set your own session.save_path so your session files are in thier own directory, and then will only be affected by YOUR settings.
i havent tested it, but i would imagine if your user was idle for a while and thier session file got deleted, if they then made another page request and sent a session id, i beleive that session id would still be used, its just that the session wont contain any data anymore because their file is gone.
