PHP session is getting expired for every 1 hour automatically

Question

I am setting up a PHP session to be valid for 4hr after login. but session is getting expired exactly at rounded hours (@1 AM, 2 AM, 3 AM so on..)

For eg: if login at 12.00 AM or 12.30AM, session is getting expired at 1 AM exactly.

Is there any default setting done in shared hosting for session ?

I have tried changing session save path and session life but NO use.

Here is my code during login page.

// server should keep session data for AT LEAST 4 hour
ini_set(session.save_path, "/home/web/session"); 
ini_set('session.gc_maxlifetime', 14400);
session_start();
$_SESSION['login'] = 1;
$_SESSION['sessionid']=session_id();

And in other pages:

if($_SESSION['login'] == 1  $_SESSION['sessionid']==session_id()) 
{ 
    echo "you are aleady logged in...";
}
else
{ echo "you are not logged in..." ; //this is occurring exactly every hour
}

Could you please help me to resolve this issue ?

`ini_set(session.save_path, "/home/web/session");` should really be `ini_set("session.save_path", "/home/web/session");` — Matteo Tassinari, Jun 10 '14 at 16:34
interesting in debian session_save_path needs additional value for garbage collector session.gc_probability to 1 for the GC to clean the old session from the custom session folder. But in your case its getting deleted automatically. May be you need to contact the hosting service for this. — Abhik Chakraborty, Jun 10 '14 at 16:34
@AbhikChakraborty : I am using my own session folder right. how come will it deleted automatically ? — logan, Jun 10 '14 at 16:38
possible duplicate of [PHP sessions timing out too quickly](http://stackoverflow.com/questions/3476538/php-sessions-timing-out-too-quickly) — Giacomo1968, Jun 10 '14 at 16:38

score 1 · Accepted Answer · answered Jun 10 '14 at 16:32

1

Session_start() must be before everything else. That is probably your problem. And anyways that way is very unreliable so its best to crate your own session timeout:

if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 14400)) {
    // last request was more than 30 minutes ago
    session_unset();     // unset $_SESSION variable for the run-time 
    session_destroy();   // destroy session data in storage
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp

answered Jun 10 '14 at 16:32

robinp7720

443
4
12

1

Surely not before you set the session parameters! – Matteo Tassinari Jun 10 '14 at 16:34
is `$_SESSION['LAST_ACTIVITY']` system variable ? – logan Jun 10 '14 at 16:39
$_SESSION is a super global vairbale and you can just save the last time the user was logged in into it. So when 4 hours its easy to detect it. – robinp7720 Jun 10 '14 at 16:42
@robinp7720 : the problem i face is, the session values are empty exactly every hour. so the above if condition wont work for 4 hrs. – logan Jun 10 '14 at 17:13

PHP session is getting expired for every 1 hour automatically

1 Answers1