session.gc_maxlifetime not expiring PHP Session - php

I have put:
php_value session.gc_maxlifetime 1
in my .htaccess file so my PHP sessions should expire after 1 second, but they are not.
I set a session and it's still set after a few hours.
If I look at phpinfo(), session.gc_maxlifetime is set to 1 on the local value.
Any ideas why this is not working?

As the php manual says:
session.gc_maxlifetime integer
session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up. Garbage collection may occur during session start (depending on session.gc_probability and session.gc_divisor).
Note: If different scripts have different values of session.gc_maxlifetime but share the same place for storing the session data then the script with the minimum value will be cleaning the data. In this case, use this directive together with session.save_path.
session.gc_probability integer
session.gc_probability in conjunction with session.gc_divisor is used to manage probability that the gc (garbage collection) routine is started. Defaults to 1. See session.gc_divisor for details.
session.gc_divisor integer
session.gc_divisor coupled with session.gc_probability defines the probability that the gc (garbage collection) process is started on every session initialization. The probability is calculated by using gc_probability/gc_divisor, e.g. 1/100 means there is a 1% chance that the GC process starts on each request. session.gc_divisor defaults to 100.
You can also refer to this post.
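To see these settings at work on a given server, the following added example (not from the manual or the posts above) reports the effective GC chance and counts session files that are past session.gc_maxlifetime but still on disk. It assumes the default "files" save handler and a plain, readable session.save_path directory.

```php
<?php
// Added example. Assumes the "files" save handler and a session.save_path that is
// a plain directory (no "N;" depth prefix) readable by this script.

// Chance that one session_start() call triggers garbage collection.
function gc_chance(int $probability, int $divisor): float
{
    return $divisor > 0 ? min(1.0, max(0.0, $probability / $divisor)) : 0.0;
}

// Chance that expired session data is still on disk after $starts calls to session_start().
function survival_chance(float $gcChance, int $starts): float
{
    return (1.0 - $gcChance) ** $starts;
}

// Ages (in seconds) of session files older than $maxLifetime. File names are not
// returned because they contain the session ID.
function stale_session_ages(string $dir, int $maxLifetime, int $now): array
{
    $ages = [];
    foreach (glob(rtrim($dir, '/') . '/sess_*') ?: [] as $file) {
        $mtime = @filemtime($file); // the file may vanish between glob() and here
        if ($mtime !== false && $now - $mtime > $maxLifetime) {
            $ages[] = $now - $mtime;
        }
    }
    return $ages;
}

$dir    = session_save_path() ?: sys_get_temp_dir();
$max    = (int) ini_get('session.gc_maxlifetime');
$chance = gc_chance((int) ini_get('session.gc_probability'), (int) ini_get('session.gc_divisor'));
$stale  = stale_session_ages($dir, $max, time());

printf("gc_maxlifetime=%d s, GC chance per session_start()=%.2f%%\n", $max, $chance * 100);
printf("expired data still present after 100 starts: %.1f%%\n", survival_chance($chance, 100) * 100);
printf("%d stale session file(s) in %s, oldest %d s\n", count($stale), $dir, $stale ? max($stale) : 0);
```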

Related

Why gc_maxlifetime wins over sess_expiration?

gc_maxlifetime is already set to 24 minutes, but when each application has a different sess_expiration. One of them is set to 9000 seconds (2 1/2 hours). The app is expired based on gc_maxlifetime not sess_expiration. Why is that? How can the sess_expiration work if it is longer than gc_maxlifetime?
Reading from here: why ini_set('session.gc_maxlifetime',60) doesn't work? and here: https://www.dev-metal.com/how-the-php-session-garbage-collector-really-works/
Because garbage collector starts (if starts) before session
I think that the gc_maxlifetime fires before your CI session handler and for this it 'wins'.
For not being forced to modify your php.ini file, you could try to set it before each session_start:
ini_set("session.cookie_lifetime","7200");
ini_set("session.gc_maxlifetime","7200");
session_start();
Or in your .htaccess file:
php_value session.gc_maxlifetime 7200
php_value session.cookie_lifetime 7200
You could read more here: Codeigniter increase session time out not working
Hope it helps!
Not really as simple as you've put it ...
It is true that gc_maxlifetime is what determines if a session should be deleted or not, because that's effectively the "server-side timer" that counts towards the deletion of a session - there's one on the client side as well, because that's where cookies are stored.
However, CodeIgniter will set gc_maxlifetime to the same value that you put in sess_expiration, unless it is 0 (in which case it uses your php.ini value).
But something else in your question may be important:
but when each application has a different sess_expiration. One of them is set to 9000 seconds (2 1/2 hours)
If you are using the same sess_save_path, sess_cookie_name, sess_match_ip on the same server, but for multiple applications ... then the application with the lowest sess_expiration value will at some point delete sessions that you intended to be still valid for others.
TL;DR: Don't use the same session "space" for separate applications.
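One way to give each application its own session "space", as an added example in plain PHP (not CodeIgniter's code and not from the answer above). The function name, the application id 'shop' and the base directory are hypothetical; the 9000 second lifetime is the value from the question.

```php
<?php
// Added example. start_isolated_session(), the 'shop' id and the directory layout
// are hypothetical names chosen for illustration. Assumes a Unix-like file system.

function start_isolated_session(string $appId, int $lifetime, string $baseDir): string
{
    // The id becomes part of a path and a cookie name, so keep it strictly constrained.
    if (!preg_match('/^[a-z0-9_]{1,32}$/', $appId)) {
        throw new InvalidArgumentException('invalid application id');
    }

    // One directory per application: another application's garbage collector,
    // running with a shorter gc_maxlifetime, never sees these files.
    $dir = rtrim($baseDir, '/') . '/sessions_' . $appId;
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("cannot create $dir");
    }

    // Refuse a directory that group or other users can access.
    clearstatcache(true, $dir);
    if ((fileperms($dir) & 0077) !== 0) {
        throw new RuntimeException("$dir is accessible to other users");
    }

    // All of these must be set before session_start().
    ini_set('session.save_path', $dir);
    ini_set('session.gc_maxlifetime', (string) $lifetime);
    session_name('sess_' . $appId); // separate cookie name per application
    session_start();

    return $dir;
}

// In production the base directory should sit outside the web root and outside
// a shared temporary directory; sys_get_temp_dir() is used here only so the example runs.
$dir = start_isolated_session('shop', 9000, sys_get_temp_dir());
printf("session '%s' stored under %s\n", session_name(), $dir);
```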

How often does a PHP session ID change per user?

Just a basic question, if you open a session when a user visits the main page and you store the session id. When would that user return say another day/time and the id be different?
This depends on how PHP is configured. Specifically, these settings control how often a PHP session id is "erased" by the garbage collector:
http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime
session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up. Garbage collection may occur during session start (depending on session.gc_probability and session.gc_divisor).
http://php.net/manual/en/session.configuration.php#ini.session.gc-divisor
session.gc_divisor coupled with session.gc_probability defines the probability that the gc (garbage collection) process is started on every session initialization. The probability is calculated by using gc_probability/gc_divisor, e.g. 1/100 means there is a 1% chance that the GC process starts on each request. session.gc_divisor defaults to 100.
http://php.net/manual/en/session.configuration.php#ini.session.gc-probability
session.gc_probability in conjunction with session.gc_divisor is used to manage probability that the gc (garbage collection) routine is started. Defaults to 1. See session.gc_divisor for details.
As far as I know the default PHP session.gc_maxlifetime is 1440 seconds (24 minutes). The more visits you have on your site, the more "accurate" these statistics are, since this algorithm will run more often.
A tricky edge case: if you start a session and then NEVER get any other visit to your site, the garbage collector algorithm will never run, hence the session will never expire! If you can understand this, I think you have understood this answer.

retrieve php server session timeout

I want to retrieve the value of session.gc_maxlifetime from the PHP server settings ( the time after which the session expires after no activity ).
Very important : I do not want to change it, I only wish to retrieve its value ( maybe the value is different from server to server ) and I want to use a PHP script that I made to warn users properly, depending on the settings of those server.
Thank you.
That's where the ini_get function comes in handy:
$maxlifetime = ini_get("session.gc_maxlifetime");
From the manual we read:
session.gc_maxlifetime integer
session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up. Garbage collection may occur during session start (depending on session.gc_probability and session.gc_divisor).
session.gc_maxlifetime is not the time after which the session expires after no activity. gc here may mean garbage collection.
As the PHP manual says,
session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up. Garbage collection may occur during session start (depending on session.gc_probability and session.gc_divisor).
Note: If different scripts have different values of session.gc_maxlifetime but share the same place for storing the session data then the script with the minimum value will be cleaning the data. In this case, use this directive together with session.save_path.
For more, refer to this post.

session.gc_maxlifetime not working for me

I want to set the session timeout limit to 3 min.
I have used this in the page:
ini_set("session.gc_maxlifetime", "50");
It is not working.
Solution for this
session_start(); // must run before $_SESSION is read
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
    // last request was more than 30 minutes ago
    session_unset();   // unset $_SESSION variable for the runtime (while the session is still active)
    session_destroy(); // destroy session data in storage
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
Three variables are used to define the garbage collection behavior of PHP session variables:
session.gc_maxlifetime is the lifetime in seconds for the session files (default value: 1440 = 24 minutes)
session.gc_probability is the nominator for the probability to execute the garbage collector (default = 1)
session.gc_divisor is the denominator for the probability to execute the garbage collector (default = 100 or 1000)
The nominator and denominator are used together to determine the probability (nominator / denominator). So when session.gc_probability is 1 and session.gc_divisor 100 this is 1 / 100 = 1 %. So 1 % of every page visit (= every session_start call) the garbage collector is executed.
If you want to test how your session expires, you need to set session.gc_probability and session.gc_divisor to 1, so each page visit will cause the garbage collector to run. Furthermore you need to use two different browsers for the test.
The session of the first browser becomes cleaned when you visit your page with the second browser (and the session of the first browser is timed out). In my tests, when you use only one browser, the session becomes automatically extended although it is outdated.
The session will live as long as the file is left on the server's file system. They are cleaned out by a garbage collector. The garbage collector is run approximately every hundred page loads on the server (this is rather random, the "every hundred" page loads is just an average).
Also, the age of the session is inactive age, not total age. The timer will be reset for that session every time the user does a request.
The unit for the session.gc_maxlifetime value is seconds. So you would need to set it to 180 seconds to express 3 minutes.
But besides that, session.gc_maxlifetime is not reliable (see this post for an explanation). You should better implement that on your own to have your session expired after exactly 3 minutes.
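An application-level timeout of the kind suggested above, as an added example (not code from the answers). IDLE_LIMIT is the 3 minutes from the question; ABSOLUTE_LIMIT, the CREATED key and the function names are assumptions of this example.

```php
<?php
// Added example. IDLE_LIMIT follows the question (3 minutes); ABSOLUTE_LIMIT,
// the CREATED key and both function names are assumptions made for illustration.
const IDLE_LIMIT     = 180;    // seconds allowed without a request
const ABSOLUTE_LIMIT = 28800;  // seconds allowed since the session was created

// Pure decision function, so the timeout rule can be checked without a live session.
function session_expired(array $session, int $now): bool
{
    if (!isset($session['CREATED'], $session['LAST_ACTIVITY'])) {
        return false; // brand-new session, nothing to expire yet
    }
    return $now - (int) $session['LAST_ACTIVITY'] > IDLE_LIMIT
        || $now - (int) $session['CREATED'] > ABSOLUTE_LIMIT;
}

function start_session_with_timeout(): bool
{
    // Reject session IDs that the server did not issue.
    ini_set('session.use_strict_mode', '1');
    // GC is only a cleanup of storage; it must not remove data sooner than the idle limit.
    ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);
    session_start();

    $now     = time();
    $expired = session_expired($_SESSION, $now);
    if ($expired) {
        $_SESSION = [];              // drop all data of the timed-out session
        session_regenerate_id(true); // issue a new ID; true deletes the old session data
    }
    $_SESSION['CREATED'] ??= $now;      // set once, when the session begins
    $_SESSION['LAST_ACTIVITY'] = $now;  // refreshed on every request
    return !$expired; // false: the caller should treat the user as logged out
}

if (!start_session_with_timeout()) {
    echo "Session timed out, please log in again.\n";
}
```

The expiry decision is made on every request from timestamps stored in the session itself, so it does not depend on whether or when the garbage collector runs.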

How to increase the idle session expiry in php through htaccess?

Can anybody help with how to increase session expiry in PHP through htaccess?
So far I got this:
php_value session.cookie_lifetime 14400
php_value session.gc_maxlifetime 14400
php_value session.gc_probability 1
php_value session.gc_divisor 1
If I'm not mistaken, the lifetime of the cookie will be 4 hours. What I'm trying to do is to increase the idle time of the session only, not the session cookie. Right now, after 4 hours I get kicked out of my app. Can someone help me on how to do this?
Thanks
The lifetime of the session is bound to cookie_lifetime and gc_maxlifetime, which are respectively the lifetime of the cookie and the lifetime of the data in your session. That being said, a session can't survive without a cookie, so cookie_lifetime has to be greater than or equal to gc_maxlifetime; otherwise, no garbage collection of your data will be done and the cookie will expire before any data can possibly expire.
