Why do my SESSIONS not time out ?

[vincej]

Hi - Customer Access to my site is controlled through a login process. The userid is held in a SESSION. Looking at PHP MyAdmin the 

session.gc_maxlifetime

is 1440. However, I can continue to use the site even though I have been away for more than 1440.  The only way of killing the session is by totally closing the browser.

 

 

I would like to tim elimit a session, but clearly I am not doing something correct.

 

 

Any Advice as to what I need to do ?

 

 

Many Many Thanks !

[PFMaBiSmAd]

The session.gc_maxlifetime isn't for timing out sessions, it's for cleaning up old session data files. You shouldn't depend on the underlying operation of the session garbage collection to do anything your application depends on. Session garbage collection RANDOMLY runs, so old session data files can randomly exist long after they are older than the session.gc_maxlifetime value. Also, the last referenced time of the session data file is updated upon the session start, so if your session data file is older than the session.gc_maxlifetime value, but the file hasn't been delete yet when you access a page the has a session_start, your session will continue.

 

If you want some action to occur after a specific period of inactivity, you need to store a timestamp or datetime value and test on each page request if that timestamp or datatime value is farther in the past than you want and perform the desired action in your code.