Ok, I looked through the manual and I've looked through a lot of the posts here. This one is driving me crazy. I'm using sessions to allow users access to various pages. The problem comes when a user is idle for a few minutes. The session is automatically destroyed if idle for 10 or 15 minutes. I would prefer to set this around 40 minutes. I set the session_cache_expire to 180 minutes, but that has had no effect. Help?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Yet another #$#!! Session Question 1
- Thread starter GiffordS
- Start date
-
1
- #3
sleipnir214
Programmer
There are three settings in PHP that determine session variable lifetimes.
First is session.cookie_lifetime. This sets, in seconds, the life of the session cookie. A value of zero (the default value) means the cookie lasts until the user shuts down the browser. This affects for how long the browser will continue to send the session cookie back to PHP when it connects to a script.
The next is session.gc_maxlifetime. This setting states how long before PHP decides the data in the server-side session store is "stale" and stops using the data in the store.
The third setting is session.gc_probability. This setting states the percent chance that, when you invoke session_start(), PHP's session garbage collection mechanism kicks off and removes old session stores.
The one that is probably most important to you right now is session.gc_maxlifetime -- set it to 24000. Set session.cookie_lifetime to zero and whatever you think appropriate for session.gc_probability
Want the best answers? Ask the best questions: TANSTAAFL!!
First is session.cookie_lifetime. This sets, in seconds, the life of the session cookie. A value of zero (the default value) means the cookie lasts until the user shuts down the browser. This affects for how long the browser will continue to send the session cookie back to PHP when it connects to a script.
The next is session.gc_maxlifetime. This setting states how long before PHP decides the data in the server-side session store is "stale" and stops using the data in the store.
The third setting is session.gc_probability. This setting states the percent chance that, when you invoke session_start(), PHP's session garbage collection mechanism kicks off and removes old session stores.
The one that is probably most important to you right now is session.gc_maxlifetime -- set it to 24000. Set session.cookie_lifetime to zero and whatever you think appropriate for session.gc_probability
Want the best answers? Ask the best questions: TANSTAAFL!!
- Thread starter
- #4
sleipnir,
Thanks for the response. I was aware of these functions but had misgivings and / or questions about each. Well, cookie_lifetime I knew wasn't the issue. But for gc_maxlifetime and gc_probability the manual seemed incomplete.
I am working on a site that sits on a shared server, which means that I can't touch php.ini at all. I can make some changes with .htaccess, but that's iffy as well. I don't think I can set gc_maxlifetime at the user level, can I? And if I could would it really matter? I mean, I was under the belief that garbage collection doesn't really read session names and the like. Could you clarify a little of this for me? Can I set maxlifetime in .htaccess? Can I set it at the individual session level?
Thanks for the response. I was aware of these functions but had misgivings and / or questions about each. Well, cookie_lifetime I knew wasn't the issue. But for gc_maxlifetime and gc_probability the manual seemed incomplete.
I am working on a site that sits on a shared server, which means that I can't touch php.ini at all. I can make some changes with .htaccess, but that's iffy as well. I don't think I can set gc_maxlifetime at the user level, can I? And if I could would it really matter? I mean, I was under the belief that garbage collection doesn't really read session names and the like. Could you clarify a little of this for me? Can I set maxlifetime in .htaccess? Can I set it at the individual session level?
sleipnir214
Programmer
Okay, here's the 100-foot view of PHP's sessions.
When a user points his browser to your site for the first time, when session_start() is invoked in the code, PHP generates a unique id then sets a cookie on the client. The name of that cookie is the value of session.name, the value of that cookie will be the unique id, and the expiration of that cookie will be the current time plus the value of session.cookie_lifetime.
When the script stops executing, PHP creates a file in the directory set by the value of session.save_path. The name of the file will be "session_" concatenated with the unique id. PHP writes to that file the serialized version of $_SESSION.
When that user hits other scripts in your site and those scripts invoke session_start(), PHP takes the id from the session cookie and looks in the session store to find the file associated with this user's session variables. It prepends "session_" to the unique id in the session cookie, reads the file, and deserializes the values in the file into $_SESSION.
When the session cookie expires in the browser, either by shutting down the browser (using cookies with no expiration) or by the time passing (using cookies with explicit expirations), the browser does not send the cookie back to PHP. If PHP does not receive the session cookie back, it cannot know which session store file to open. The session variables for that user are no longer available.
Every time a script invokes session_start(), PHP checks the values of session.gc_probability and session.gc_divisor. Basically it divides session.gc_probability by session.gc_divisor, generates a random number, and compares that number to the result of the division. If the random number is less than the result of the division, PHP fires off its garbage-collection mechanism.
When PHP's garbabe-collection mechanism operates, it compares the age of every session store file to the system clock and the value of session.gc_maxlifetime. If the file is older than the current time minus the value of session.gc_maxlifetime, then the garbage-collection mechanism deletes the file. Even if the user's browser provides a PHP session id to the script, the session variable store is gone, so the values are gone, too.
As scripts keep using sessions, the session file is refreshed at the end of each script run, so the file date on the file is being updated. This, I think, does not happen with cookies -- I believe that once PHP has received a session id cookie from the client browser, it does not change settings on the expiration of the cookie.
As far as where you can set PHP's session-handling configuration directives, the PHP online manual states (at that all session configuration directives but one can be changes in any of php.ini, httpd.conf, .htaccess files, or in user code using ini_set() ( The exception is session.use_trans_sid, which can only be set in php.ini, httpd.conf, and .htaccess. (This is all described in the table at . For information on what PHP_INI_ALL, etc., mean, look in the table at the bottom of )
Want the best answers? Ask the best questions: TANSTAAFL!!
When a user points his browser to your site for the first time, when session_start() is invoked in the code, PHP generates a unique id then sets a cookie on the client. The name of that cookie is the value of session.name, the value of that cookie will be the unique id, and the expiration of that cookie will be the current time plus the value of session.cookie_lifetime.
When the script stops executing, PHP creates a file in the directory set by the value of session.save_path. The name of the file will be "session_" concatenated with the unique id. PHP writes to that file the serialized version of $_SESSION.
When that user hits other scripts in your site and those scripts invoke session_start(), PHP takes the id from the session cookie and looks in the session store to find the file associated with this user's session variables. It prepends "session_" to the unique id in the session cookie, reads the file, and deserializes the values in the file into $_SESSION.
When the session cookie expires in the browser, either by shutting down the browser (using cookies with no expiration) or by the time passing (using cookies with explicit expirations), the browser does not send the cookie back to PHP. If PHP does not receive the session cookie back, it cannot know which session store file to open. The session variables for that user are no longer available.
Every time a script invokes session_start(), PHP checks the values of session.gc_probability and session.gc_divisor. Basically it divides session.gc_probability by session.gc_divisor, generates a random number, and compares that number to the result of the division. If the random number is less than the result of the division, PHP fires off its garbage-collection mechanism.
When PHP's garbabe-collection mechanism operates, it compares the age of every session store file to the system clock and the value of session.gc_maxlifetime. If the file is older than the current time minus the value of session.gc_maxlifetime, then the garbage-collection mechanism deletes the file. Even if the user's browser provides a PHP session id to the script, the session variable store is gone, so the values are gone, too.
As scripts keep using sessions, the session file is refreshed at the end of each script run, so the file date on the file is being updated. This, I think, does not happen with cookies -- I believe that once PHP has received a session id cookie from the client browser, it does not change settings on the expiration of the cookie.
As far as where you can set PHP's session-handling configuration directives, the PHP online manual states (at that all session configuration directives but one can be changes in any of php.ini, httpd.conf, .htaccess files, or in user code using ini_set() ( The exception is session.use_trans_sid, which can only be set in php.ini, httpd.conf, and .htaccess. (This is all described in the table at . For information on what PHP_INI_ALL, etc., mean, look in the table at the bottom of )
Want the best answers? Ask the best questions: TANSTAAFL!!
ah I think I give it a try again with the sessions with this information. I had the problem that they get disappearing randomly even with a expiration time of one year. so I did a check on the main page to see if there was a session and if not I looked up the user with the ip adress and created a session again.
very frustrating construction for couples on my forum which shared an ip adress
very frustrating construction for couples on my forum which shared an ip adress
- Status
Similar threads