3

I have a session that after 30 minutes of inactivity is destroyed or after 23.4 hours is destroyed.

The problem that I have is regardless of activity the session is destroyed after 30 minutes. So if a user is constantly active within the 23.4 hours the session should be maintained for those 23.4 hours then destroyed forcing the user to login again, but the session is destroyed after 30 minutes even though the user is constantly active for those 30 minutes.

Because the Garbage Collector looks at the modified time and not the accessed time the session is being updated with time() so that the modified time is updated when a user does anything on the site.

Here is the php.ini session settings:

Directive                   Local Value     Master Value
session.cache_expire        30              30
session.cookie_lifetime     1800            1800
session.gc_divisor          1000            1000
session.gc_maxlifetime      84400           84400
session.gc_probability      1               1
session.save_handler        files           files

If you need any other of the session ini settings let me know.

Any help with this would be greatly appreciated.

Thanks

Arnaud Le Blanc
  • 98,321
  • 23
  • 206
  • 194
Nalum
  • 4,143
  • 5
  • 38
  • 55
  • There is a great explanation of how both options work in this other StackOverflow question: http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes – mrbellek Jan 28 '11 at 11:05

2 Answers2

3

session.cookie_lifetime is set to 30 min , so the cookie will expire after 30 min , it whont be sent to the server on the next request ( after 30 min have passed ) , and php will issue another session since he/she(php) didn't recived it in the request .

Poelinca Dorin
  • 9,577
  • 2
  • 39
  • 43
  • Yes, the session cookie is re-sent at each request. – Arnaud Le Blanc Jan 28 '11 at 11:11
  • allright , i'll have a short test and delete the answer if you guys are right . – Poelinca Dorin Jan 28 '11 at 11:12
  • 1
    Test failed , once expiration date has been set , eaven if it get's back in the request the expiration date remains as it was first set . so i set it to 3 seconds . then if i refresh the page acording to @Nalum and @user576875 the cookie should still be valid and it should keep the same PHPSESSID , but it's not . Once expiration date has been set , you can change the value but you can't change the expiration date unless you delete the cookie . – Poelinca Dorin Jan 28 '11 at 11:18
0

  1. Do not touch sessions default settings. Leave default values.

  2. Check session lifetime using session itself.

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345