I am trying to get my session to automatically end after 30 minutes of inactivity. In my php.ini file I have:

session.gc_maxlifetime = 1800

However, even after the 30 minutes is up, the session is still open and active. I've tried testing this with different values (down to 10 seconds), and each time I do a phpInfo() to make sure the change is reflected (it is), but it doesn't ever work. Here's what my phpInfo(): Session section looks like:

Directive / Local Value / Master Value
session.auto_start / Off / Off
session.bug_compat_42 / On / On
session.bug_compat_warn / On / On
session.cache_expire / 180 / 180
session.cache_limiter / nocache / nocache
session.cookie_domain / no value / no value
session.cookie_lifetime / 1800 / 1800
session.cookie_path / / / /
session.cookie_secure / Off / Off
session.entropy_file / no value / no value
session.entropy_length / 0 / 0
session.gc_divisor / 100 / 100
session.gc_maxlifetime / 1800 / 1800
session.gc_probability / 1 / 1
session.name / PHPSESSID / PHPSESSID
session.referer_check / no value / no value
session.save_handler / files / files
session.save_path / /tmp / /tmp
session.serialize_handler / php / php
session.use_cookies / On / On
session.use_only_cookies / Off / Off
session.use_trans_sid / Off / Off

Any ideas why this wouldn't work?

    That's because with your current setup, garbage collection only happens approximately 1/100 times. See the manual ([man]session[/man]) to understand more about garbage collection (e.g. look at what gc_divisor and gc_probability do).

    The way I normally do this is store a value in the session called "last_activity" and on every page, update it with the current timestamp - time(). That way, on every page, you can check if the current timestamp minus 30 minutes is greater than their last activity. If it is, expire the session and log them out.

      Write a Reply...