How to make session valid for a certain amount of hours

Question

So in this zend 1 application, when I go to start page, I can see that there is a cookie named PHPSESSID. I then log in (a custom login) and the user can go through protected pages. But if he is inactive for more than 30 minutes, when then requesting a protected page the application will redirect him to login page.

What I was focusin on was the PHPSESSID. Which initially was set to 30 minutes. I increased that by adding "28800" to what seems to be a global call to setcookie.

When I then reloaded the page, I could see that PHPSESSID would expire after 8 hours. Despite this, the use is still being logged out after 30 minutes. So changing cookie expiration didn't gave anything. What's next? Changing the php session duration? Current relevant values are:

session.cache_expire: 180
session.gc_divisor: 1000
session.entropy_length:32
session.gc_maxlifetime: 14400
session.gc_probability:1
session.name: PHPSESSID

Or is this related to the framework itself? Somewhere in Zend to adjust the expiration of the session?

Answer 1

If you have multiple php site storing session files in the same dir - php gc processes may have different set for session. In this case store session files in another, only for you site, directory.

Answer 2

If you are using zend then try this.

$auth = Zend_Auth::getInstance();

if ($auth->hasIdentity()) {
    $authns = new Zend_Session_Namespace($auth->getStorage()->getNamespace());
    $authns->setExpirationSeconds(60 * 30); //expire auth storage after 30 min
}