Very Quick, simple, session expiry question.

[johnsmith153]

session.cookie_lifetime is currently set to 0 (I believe that means it stays active until the browser is closed)

 

session.gc_maxlifetime is currently set to 1440 (24 minutes. Something about garbage collector lifetime.)

 

(I can change php.ini etc no problem or even set in script.)

 

My questions.

 

1. Will my session last until browser closes, or will it only last 24 minutes (I.e is it overidden by the max life time.) - are these two related?

(I want a 40 minute session.)

2. Should I use the above commands and change or should I just leave and use something like:

 

$expiretime = 60*40;

$_SESSION['expire'] = time()+$expiretime; // Set when you login

if ($_SESSION['expire'] > time()) // Checks if session is still valid on every page

[btherl]

gc_maxlifetime is like an idle timeout - if the user doesn't hit a page with the session active for 24 minutes, then the session will disappear.  It sounds like you should increase this to 40 minutes to get the behaviour you want.

 

The relationship between the two settings is that if either runs out, the session is destroyed.  So it's an "or" relationship.

[revraz]

GC is not always running, so it won't always disappear.  It depends on the GC probability when the GC will actually run.

[PFMaBiSmAd]

And if you are on a shared hosting server using the default session.save_path, the shortest session.gc_maxlifetime being set by any of the scripts will win and delete your session data files when GC runs. So, you need to change the session.save_path to be a folder within your account space.