7

Currently my session.gc_maxlifetime is set to default, thus 1440 seconds.

I would like to set the maxlifetime to a month, 4*7*24*60*60 seconds. However, I've read on php.net that the maximum value of session.gc_maxlifetime is 65535.

Is it therefor impossible to set my maxlifetime to more than 65535 seconds?

Nijn
  • 388
  • 6
  • 22
  • Are you sure this is actually the maximum value? The info in the manual is a user comment. According to [this bug report](https://bugs.php.net/bug.php?id=45871) higher values are possible. – Vatev Apr 02 '14 at 07:02
  • I am interested in what problem you are trying to solve by delaying the 'garbage collection' for so long. – Ryan Vincent Apr 02 '14 at 07:08
  • @Vatev - Thanks for the link. Does the maximum depend on the session.save_handler? From what I understand from scottmac@php.net it could. @Ryan Vincent - Right now I have set my `session_set_cookie_params(4*7*24*60*60)` in my phpinfo() I read that the `session.cookie_lifetime` is indeed this value. However after 24 minutes (the maximum lifetime set by `session.gc_maxlifetime`) kills it. – Nijn Apr 02 '14 at 07:11
  • what information are you keeping in the session that needs to be there for a long time? – Ryan Vincent Apr 02 '14 at 07:13
  • 3
    I don't want the user to login again every day. – Nijn Apr 02 '14 at 07:15
  • It depends on the save handler because the handler stores the data and does the garbage collecting. Also extending the session lifetime is not the correct solution to your problem. The default behaviour of most browsers is to remove the session cookies when the browser is closed. There are several tried and tested ways to make persistent logins, look around and pick one that fits your requirement. – Vatev Apr 02 '14 at 07:19
  • 3
    Ok, then store the fact that the user logged in in a separate cookie. do not store the 'remember me' details in the session. For a really good explanation see this **stackoverflow question: http://stackoverflow.com/questions/549/the-definitive-guide-to-form-based-website-authentication#477579** – Ryan Vincent Apr 02 '14 at 07:22
  • Great comment! Thanks! Indeed much better than prolonging the session cookie lifetime – Nijn Apr 02 '14 at 07:41
  • I have a cookie set only by users of a progressive web app and I don't want them ever logged out even if their session is considered "garbage" by not logging in after a few weeks. – Alex Borsody May 21 '20 at 20:23
  • Permanent session is not solution for your task. Check chapter PART II: How To Remain Logged In - https://stackoverflow.com/questions/549/the-definitive-guide-to-form-based-website-authentication#477579 – Jsowa May 26 '20 at 04:24

2 Answers2

2

yes it is possible, if you do self session handler

then PHP garbabe collector will not handle your sessions

session_set_save_handler()

see http://cz1.php.net/manual/en/function.session-set-save-handler.php

user5332
  • 758
  • 2
  • 9
  • 17
  • This isn't really the question. it's regarding this comment php.net/manual/en/session.configuration.php#107990 stating that the maximum value of session.gc_maxlifetime is 65535. – Alex Borsody May 31 '20 at 15:26
0

yes you can do that by using cookies.

      setcookie("gc_maxlifetime", YOUR COOKIE VALUE, time() + YOUR 
    REQUIRED TIME);
      if(isset($_COOKIE['gc_maxlifetime']))
     {
    $_SESSION['gc_maxlifetime'] = $_COOKIE['gc_maxlifetime'];
       }

now this way the session becomes the cookie and will expire when the cookie expires.

  • Yeah of course you can set it to this value, that's not the question you can set the value of maxlifetime various config files too. Its regarding a comment in the php docs stating that 65535 seconds is the maximum value or errors occur. Check out the docs. – Alex Borsody May 30 '20 at 01:40
  • https://www.php.net/manual/en/session.configuration.php#107990 this is the question – Alex Borsody May 30 '20 at 01:45