Hi,

I'm currently working to improve the way we handle sessions on my website.
One thing I would like to modify is the session's lifetime. I had a look at the PHP documentation on php.net and found:

session.gc_maxlifetime: session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up.

If I have set php.ini so that:
session.gc_maxlifetime=1440
Does it mean the session's lifetime is 1440 seconds, from the moment the session has been first initialized; or that each time the function session_start() is executed, the session has a lifetime of 1440 seconds?

Thanks!

    The second part of your statement is correct.

    It defaults to 1440 seconds (24 minutes). This is the session inactivity timeout limit. When there's no activity (by the user) within the designated number of seconds, PHP will expire the session and consider it void/useless. Note that when the user does an activity like refresh the page or click on a link on your site (that invokes a session_start), the inactivity timer is reset back to zero. Meaning, that the user has another 24 minutes (in this example) from the last time they did something on your site before the session will expire; and so on and so on. Some people mistake it to mean that the session will expire after 24 minutes have elapsed from the time the session was first created. This is not so.

      It should perhaps be pointed out though that this value is a minimum inactivity timeout - it might actually last longer than that even if it remains inactive.

      PHP doesn't destroy the stored session data the instant its lifetime expires (24 minutes) because it would be too expensive to be constantly looking at all the sessions currently stored to see if any of them are garbage. Instead, sometimes when session_start is called it checks all the sessions currently alive to find the garbage ones. Controlling that is what those additional probability options are for.
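
The replies above point out that session.gc_maxlifetime is only a minimum and that cleanup runs probabilistically, so a site that needs a firm timeout has to check it in its own code. The following is an added example, not code from anyone in this thread; the `created_at` and `last_seen` keys, the function names and the 8-hour absolute cap are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Limits assumed for this example; 1440 mirrors the value in the question.
const IDLE_LIMIT     = 1440;   // max seconds between two requests
const ABSOLUTE_LIMIT = 28800;  // hypothetical hard cap since the session was created

// Pure check over the session array, so it can be exercised without a web server.
function session_state(array $s, int $now): string
{
    if (!isset($s['created_at'], $s['last_seen'])) {
        return 'new';               // timestamps not set yet
    }
    if ($now - $s['created_at'] > ABSOLUTE_LIMIT) {
        return 'absolute_expired';  // too old, however active the user was
    }
    if ($now - $s['last_seen'] > IDLE_LIMIT) {
        return 'idle_expired';      // GC may not have removed the data yet
    }
    return 'ok';
}

// Call this at the top of each page instead of a bare session_start().
function start_enforced_session(): void
{
    // Keep the GC threshold aligned with the idle limit; GC itself stays probabilistic.
    ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);
    session_start();
    $now   = time();
    $state = session_state($_SESSION, $now);

    if ($state === 'idle_expired' || $state === 'absolute_expired') {
        $_SESSION = [];               // drop the stale data ourselves
        session_regenerate_id(true);  // new ID, old session storage deleted
    }
    $_SESSION['created_at'] ??= $now;
    $_SESSION['last_seen']    = $now; // every request resets the inactivity timer
}

if (PHP_SAPI === 'cli') {
    // Constructed timestamps: session created at t0, last request 25 minutes later.
    $t0 = 1700000000;
    $s  = ['created_at' => $t0, 'last_seen' => $t0 + 1500];
    foreach ([$t0 + 1500 + 600, $t0 + 1500 + 1441, $t0 + 28801] as $now) {
        echo $now - $t0, 's after creation: ', session_state($s, $now), PHP_EOL;
    }
}
```

Run from the command line, the script only exercises `session_state()` on the constructed timestamps; under a web server, each page would call `start_enforced_session()` before touching `$_SESSION`.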
