PHP Session not timing out

Question

I cant seem to get my session to time out. see below very simple code. The start button starts session and below prints id and time till timeout. I've set it to 5 seconds, which it does display, but if you wait for more than 5 seconds and refresh it still shows the id and 5 seconds. Am I missing something here?

<?php

echo <<<_END

<form method="post" action="">
<input type="hidden" name="start" value="yes"/>
<input type="submit" value="Start session"/>
</form>
_END;

if (isset($_POST['start']))
{
session_start();
ini_set('session.gc_maxlifetime', 5);
ini_set('gc_probability', 100);
ini_set('gc_divisor', 100);
}

echo session_id();
echo "<br>";
echo ini_get('session.gc_maxlifetime');

?>

Answer 1

ini_set is just change the setting for current page. Try put the code below outside if, at the top of the page, and you need to call session_start every time you deal with session.

<?php

ini_set('session.gc_maxlifetime', 5);
ini_set('gc_probability', 100);
ini_set('gc_divisor', 100);
session_start();

echo <<<_END
<form method="post" action="">
<input type="hidden" name="start" value="yes"/>
<input type="submit" value="Start session"/>
</form>
_END;

if (isset($_POST['start']))
{
    $_SESSION['test'] = 'I should disappear on next request after 5 seconds';
}

echo $_SESSION['test'];

?>

Answer 2

by default in PHP Session data store in tmp directory may be it time so small to phisically delete session temporary data. Try to increase session maxlifetime.

(by default session delete by cron. Could it run the delete operation?)

Answer 3

From the php documentation:

To use cookie-based sessions, session_start() must be called before outputing anything to the browser..