Theoretically, if a PHP session ID is stored in a cookie that has a lifetime of 365 days, will the session ID resume the right session data on day 365 or will the related session data be timed out/deleted due to the session lifetime settings?
And how long can/should I store and use a session ID?
In theory you can store it as long as you want, but you will be needlessly using up resources. The default is 20 minutes and can be adjusted in php.ini by setting the session.gc_maxlifetime parameter. If you need to persist data for longer than that, it would make sense to put it into a database rather than the session.
Theoretically, if a PHP Session ID is stored in a Cookie that has a lifetime of 365 days, will the Session ID will resume the right session on day 365 or will the related Session be timed out due to the Session lifetime settings?
The cookie just stores the session id that will identify the session.
If there is a session file corresponding to that id, the session will be resumed – otherwise, a new empty session with that id will be created.
The session.gc_maxlifetime option is rather misnamed – in fact it is a minimal lifetime. If this timespan has passed after the session file was last accessed, the session garbage collector is allowed to wipe that file from disk – but it is not guaranteed that this will happen immediately, because the garbage collector is called randomly (with what probability on every request can also be configured).
And how long can/should I store and use a Session ID?
For as long as you need it …?
That depends on what you are trying to do, how you have sessions configured, etc.
session id's last for the same as session.gc_maxlifetime. check php.ini or phpinfo() to see what yours is set too, the default is 1440 seconds (24 minutes). although if you close the browser and dont recover the session id via a cookie or some other means, the session is then still closed.
