How to increase or decrease the lifetime of a session?

[mukunthan]

Hi ,

How to increase or decrease the lifetime of a session?

My requirement is session should timeout and all the session variables should be unset automatically after the prescribed time limit.

I used this code but the session did not timeout.Why?

ini_set("session.gc_maxlifetime", "60"); // should timeout after 1minute

[Maq]

ini_set("session.gc_maxlifetime", 60);

[mikeschroeder]

I believe this is due to the fact that the session garbage collector is run based on probability.

 

; Define the probability that the 'garbage collection' process is started
; on every session initialization.
; The probability is calculated by using gc_probability/gc_divisor,
; e.g. 1/100 means there is a 1% chance that the GC process starts
; on each request.

session.gc_probability = 1
session.gc_divisor     = 100

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440

 

So the busier the server is, the more likely the session will be expired at 60 secs. However, if the server is something like xampp on your local machine your odds of triggering the garbage collector are small.

 

If you raise the value of `session.gc_probability` the frequency of the garbage collector running should increase.

 

[Maq]

; After this number of seconds, stored data will be seen as 'garbage' and

; cleaned up by the garbage collection process.

session.gc_maxlifetime = 1440

 

This is what matters, not the probability of how often the gc process starts.  It wouldn't matter because the gc process wouldn't see the session as garbage until after the set number of seconds has passed, even if you set the probability to 1/1.

[mikeschroeder]

session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up. Garbage collection occurs during session start.

 

session.gc_probability in conjunction with session.gc_divisor is used to manage probability that the gc (garbage collection) routine is started. Defaults to 1. See session.gc_divisor for details.

 

session.gc_divisor coupled with session.gc_probability defines the probability that the gc (garbage collection) process is started on every session initialization. The probability is calculated by using gc_probability/gc_divisor, e.g. 1/100 means there is a 1% chance that the GC process starts on each request. session.gc_divisor defaults to 100.

 

If the garbage collector doesn't run at session start, the session will not be cleaned up.

 

I did however miss the syntax error originally posted. But, if he wants sessions to truly be expired at 60 secs, no more no less, than it depends a lot on the probability of the gc being run.

 

[PFMaBiSmAd]

A session is just a container. Don't rely on the garbage collection (GC) to end anything. By shortening the session.gc_maxlifetime and causing GC to run on every session start, you prevent a session from being used for any other purpose.

 

If you want a login or anything else to end after a specific amount of time, store the starting time in the session or a database and then check on each page access/request if the starting time is over a limit you pick in the past and take appropriate action.