Ralf Tenbrink

Reputation: 23

PHP not increasing session timeout

For several days I have been trying to increase the session timeout for the admin area of a site. The staff have to log in and very often lose all the data when they get interrupted by a phone call.

I cannot set the php.ini file higher as this site has thousands of users and the session folder would become massive.

I have used .htaccess to set session time to one day. Checking with phpinfo() it shows the local value is 86400. Using ini_get also returns 86400.

But no file in the sessions folder is older than 25 min. 1440 sec from the standard php.ini

What else can I do to increase the session timeout for the admin folder?

Upvotes: 1

Views: 1019

Answers (1)

Sherif

Reputation: 11943

It is not clear which PHP configurations you have modified to 86400, but PHP sessions are tied to multiple configuration directives that can affect a session's lifetime.

Since sessions are made up of two parts (the cookie that lives on the client side, and the session file that lives on the server side) there are two main values controlling each of their lifetimes.

The Session Cookie [Client]

The cookie is controlled by the session.cookie_lifetime directive, which by default is set to 0, meaning it expires as soon as the user closes their browser. This value should typically be greater than or at least equal to the session.gc_maxlifetime value.

The Session File [Server]

The session file on the server is controlled by the session.gc_maxlifetime directive, which by default is set to 1440 seconds (which is 24 minutes). This is the amount of time the server-side session can remain inactive before it is marked for garbage collection by PHP.

There are a number of other variables affecting garbage collection of server-side sessions, but primarily both the session lifetime and the cookie lifetime must be equal in order for the session to effectively last at least that long. Both directives are in number of seconds.

Edge Cases

Finally, there is the off chance that you are using a patched up version of PHP (like those typically offered by Debian-based distros such as Ubuntu), which place their own garbage collection routine in their PHP package. This can be controlled by a system crontab that does its own garbage collection routine and may effectively change the stock PHP behavior unexpectedly.

From the manual

Note: If different scripts have different values of session.gc_maxlifetime but share the same place for storing the session data then the script with the minimum value will be cleaning the data. In this case, use this directive together with session.save_path.

Meaning that if you have multiple sessions residing in the same directory, with differing lifetime values, then it's likely the smallest lifetime will trigger the garbage collector to clean up those sessions. This is because the gc does not bother to distinguish sessions based on their varying configurations, but based on which session triggers the gc on a specific storage path (then all the files exceeding the TTL are cleaned up regardless).

So just put those sessions you want to have different lifetimes for in different directories by giving them a different session.save_path than the default sessions you typically want to last for a shorter time.

Upvotes: 1
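One way to apply the answer's advice in the admin area, as an added example that is not part of the original answer. The directory path, the `/admin/` cookie path, the cookie name, the `last_seen` key and the function name are assumptions; it also assumes PHP 7.3 or later and that the admin area is served over HTTPS.

```php
<?php
// Added example, not code from the original answer.
// Assumed names: ADMIN_SESSION_DIR, ADMIN_SESSION_TTL, start_admin_session().

const ADMIN_SESSION_DIR = '/var/lib/php/sessions_admin'; // assumed path, outside the web root
const ADMIN_SESSION_TTL = 86400;                         // one day, the value from the question

function start_admin_session(): void
{
    // A dedicated directory keeps scripts running with the default
    // 1440-second lifetime from garbage-collecting admin session files.
    if (!is_dir(ADMIN_SESSION_DIR) && !mkdir(ADMIN_SESSION_DIR, 0700, true)) {
        throw new RuntimeException('Cannot create ' . ADMIN_SESSION_DIR);
    }

    // All of these must be set before session_start().
    ini_set('session.save_path', ADMIN_SESSION_DIR);
    ini_set('session.gc_maxlifetime', (string) ADMIN_SESSION_TTL);
    ini_set('session.use_strict_mode', '1'); // reject session ids the server did not issue

    session_name('ADMINSESSID'); // assumed name; keeps the admin cookie apart from the public one
    session_set_cookie_params([
        'lifetime' => ADMIN_SESSION_TTL, // equal to gc_maxlifetime, as the answer advises
        'path'     => '/admin/',         // assumed location of the admin area
        'secure'   => true,              // assumes HTTPS
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
    session_start();

    // Garbage collection is probabilistic, so a stale file can outlive
    // gc_maxlifetime. Enforce the idle limit in the application as well.
    $now = time();
    if (isset($_SESSION['last_seen']) && $now - $_SESSION['last_seen'] > ADMIN_SESSION_TTL) {
        session_unset();
        session_destroy();
        session_start();
        session_regenerate_id(true);
    }
    $_SESSION['last_seen'] = $now;
}

start_admin_session();
```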
