Findings :
I have done some research on PHP Session and came accross the session.gc_maxlifetime value of 1440 seconds.
I've read on php.net that the maximum value of session.gc_maxlifetime is 65535.
Questions :
Is it possible to set my maxlifetime to more than 65535 seconds?
Why is the session value 1440?
What happens if we increase the session maxlifetime to more than 65535 seconds. the server configuration doesn't support this?
Related
Can someone please tell me how long my session will last from the data below? - I'm not sure which one tells me
session.auto_start Off Off
session.bug_compat_42 Off Off
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 1000 1000
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 5 5
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /var/lib/php/session /var/lib/php/session
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 0
In general you can say session.gc_maxlifetime specifies the maximum lifetime since the last change of your session data (not the last time session_start was called!). But PHP’s session handling is a little bit more complicated.
Because the session data is removed by a garbage collector that is only called by session_start with a probability of session.gc_probability devided by session.gc_divisor. The default values are 1 and 100, so the garbage collector is only started in only 1% of all session_start calls. That means even if the the session is already timed out in theory (the session data had been changed more than session.gc_maxlifetime seconds ago), the session data can be used longer than that.
Because of that fact I recommend you to implement your own session timeout mechanism. See my answer to How do I expire a PHP session after 30 minutes? for more details.
This is the one. The session will last for 1440 seconds (24 minutes).
session.gc_maxlifetime 1440 1440
If session.cookie_lifetime is 0, the session cookie lives until the browser is quit.
EDIT: Others have mentioned the session.gc_maxlifetime setting. When session garbage collection occurs, the garbage collector will delete any session data that has not been accessed in longer than session.gc_maxlifetime seconds. To set the time-to-live for the session cookie, call session_set_cookie_params() or define the session.cookie_lifetime PHP setting. If this setting is greater than session.gc_maxlifetime, you should increase session.gc_maxlifetime to a value greater than or equal to the cookie lifetime to ensure that your sessions won't expire.
You're searching for gc_maxlifetime, see http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime for a description.
Your session will last 1440 seconds which is 24 minutes (default).
I have added the following lines in my htaccess file :
php_value session.cookie_lifetime 14400
php_value session.gc_maxlifetime 14400
Also have added a php.ini file in the root directory with the following code :
session.gc_maxlifetime = 14400
session.cookie_lifetime = 14400
Also inside the php code have added the following lines :
ini_set('session.cookie_lifetime',14400);
ini_set('session.gc_maxlifetime',14400);
setcookie("_lid", $lid, time() + 14400);
So basically the session should work for 4 hours. But it is getting timed out in about 24 mins or so which is the default timeout time in php.
I may be missing something. Would be great if someone can provide some inputs.
Thanks
I was having the exact same problem - the session.gc_maxlifetime & session.cookie_lifetime values were set but appeared to not be honoured... Then, I found a comment on an old thread which clearly needs a lot more recognition:
How do I expire a PHP session after 30 minutes?
Please note that at least two settings are crucial to setting the
session time, and maybe three. The two certainly crucial ones are
session.gc_maxlifetime and session.cookie_lifetime (where 0 is not the
same as some long number). For complete, 100% certainty of allowing
long times, it may also be necessary to set the session.save_path, due
to varying OS-controled cleanup time on the /tmp directory where
session files get stored by default. – #Kzqai Apr 7 '11 at 8:04
I can't figure out why my PHP sessions are timing out after 24 minutes even after I set session.gc_maxlifetime to a very high amount.
I specifically went into my /tmp folder to look at the session data files being created. Just as you would expect with PHP's garbage collecting, every so often the older files would be deleted. Every time, it seemed to be the files that were > 24 minutes old. This seems strange because the default of session.gc_maxlifetime is 1440 seconds (24 minutes). But I changed that variable, and nothing else in php.ini is set to 1440. What could possibly be causing this?
I can't understand...
If you don't want to have files older than 24 minute, then you don't need to change anything.
Otherwise, just extend the 1440 value to the one you need and restart Apache.
Which value did you assign to the session.gc_maxlifetime?
I already altered my php.ini in Apache to have these settings:
session.gc_maxlifetime = 1440
session.cache_expire = 1500
But my sessions are not that long. The problem is that I am not certain which settings would "do the trick"
Ideally I am looking for the right configuration to have the session last 12 hours. Could anyone help me with that?
do you also have set session.cookie_lifetime = 0 ?
and maybe somewhere in your scripts or some included scripts the session lifetime is set to another value?
The default "0" value means that the cookie stays alive until the browser is closed. This is also the default value, if not set in php.ini.
Source: http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
session.gc_maxlifetime is measured in seconds, so your setting of 1440 will expire after 24 minutes. (see: http://php.net/session.gc-maxlifetime)
For 12 hour session I believe you need:
session.gc_maxlifetime = 43200
session.cache_expire = 720
session.cookie_lifetime = 0
Have a look at:
session.cookie_lifetime x
Where x is the lifetime in seconds
Also, if you are on a shared host, make sure the session data under /tmp is not removed by the host with some sort of clean script. Some hosts clear /tmp every 10 minutes.
Can someone please tell me how long my session will last from the data below? - I'm not sure which one tells me
session.auto_start Off Off
session.bug_compat_42 Off Off
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 1000 1000
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 5 5
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /var/lib/php/session /var/lib/php/session
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 0
In general you can say session.gc_maxlifetime specifies the maximum lifetime since the last change of your session data (not the last time session_start was called!). But PHP’s session handling is a little bit more complicated.
Because the session data is removed by a garbage collector that is only called by session_start with a probability of session.gc_probability devided by session.gc_divisor. The default values are 1 and 100, so the garbage collector is only started in only 1% of all session_start calls. That means even if the the session is already timed out in theory (the session data had been changed more than session.gc_maxlifetime seconds ago), the session data can be used longer than that.
Because of that fact I recommend you to implement your own session timeout mechanism. See my answer to How do I expire a PHP session after 30 minutes? for more details.
This is the one. The session will last for 1440 seconds (24 minutes).
session.gc_maxlifetime 1440 1440
If session.cookie_lifetime is 0, the session cookie lives until the browser is quit.
EDIT: Others have mentioned the session.gc_maxlifetime setting. When session garbage collection occurs, the garbage collector will delete any session data that has not been accessed in longer than session.gc_maxlifetime seconds. To set the time-to-live for the session cookie, call session_set_cookie_params() or define the session.cookie_lifetime PHP setting. If this setting is greater than session.gc_maxlifetime, you should increase session.gc_maxlifetime to a value greater than or equal to the cookie lifetime to ensure that your sessions won't expire.
You're searching for gc_maxlifetime, see http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime for a description.
Your session will last 1440 seconds which is 24 minutes (default).