2

According to this answer, the session.gc_maxlifetime is based (as of PHP 4.2.3) on the last modified date of the session:

Note: If you are using the default file-based session handler, your filesystem must keep track of access times (atime). Windows FAT does not so you will have to come up with another way to handle garbage collecting your session if you are stuck with a FAT filesystem or any other filesystem where atime tracking is not available. Since PHP 4.2.3 it has used mtime (modified date) instead of atime. So, you won't have problems with filesystems where atime tracking is not available.

I can find nothing on the official documentation about that, the note seems to be disappeared, so is this still true?

Community
  • 1
  • 1
zer0uno
  • 7,521
  • 13
  • 57
  • 86

2 Answers2

1

The right answer is yes(PHP 5 - PHP 8), it based on last modified time.

And if php script read session variable, php runtime will update modified time.

The c souce is here (PHP 7.3 C Source):

enter image description here

JiaFeiX
  • 21
  • 3
-1

No, session.gc_maxlifetime worksby time interval defined.

This value (default 1440 seconds) defines how long an unused PHP session will be kept alive. For example: A user logs in, browses through your application or web site, for hours, for days. No problem. As long as the time between his clicks never exceed 1440 seconds. It's a timeout value.

PHP's session garbage collector runs with a probability defined by session.gc_probability divided by session.gc_divisor. By default this is 1/100, which means that above timeout value is checked with a probability of 1 in 100.

Saquib Lari
  • 190
  • 8