4

I have set session timeout time for 20 Minutes as below.Sometime the session timeout is happening in two or three minutes.

ini_set('session.gc_maxlifetime',   1200);

ini_set('session.cookie_lifetime',  1200);

ini_set('session.gc_probability',   1);

ini_set('session.gc_divisor',   100);

What could be the issue?

Improve this question
5
  • Is your script maybe overriding these setting somewhere else in the code? Commented Mar 4, 2013 at 9:05
  • 1
    and what does ini_get() says ? Commented Mar 4, 2013 at 9:05
  • session.cookie_lifetime is a value defined in minutes not seconds Commented Mar 4, 2013 at 9:06
  • @s.lenders session.cookie-lifetime Commented Mar 4, 2013 at 9:09
  • possible duplicate of PHP sessions timing out to quickly Commented Mar 4, 2013 at 9:19

1 Answer 1

Reset to default
1

The 20 minute expiration does not reset when the user browses other pages. The problem is explained in this comment:

As PHP's Session Control does not handle session lifetimes correctly when using session_set_cookie_params(), we need to do something in order to change the session expiry time every time the user visits our site. So, here's the problem.

$lifetime=600;
session_set_cookie_params($lifetime);
session_start();

This code doesn't change the lifetime of the session when the user gets back at our site or refreshes the page. The session WILL expire after $lifetime seconds, no matter how many times the user requests the page. So we just overwrite the session cookie as follows:

$lifetime=600;
session_start();
setcookie(session_name(),session_id(),time()+$lifetime);

And now we have the same session cookie with the lifetime set to the proper value.

Better, leave the session.cookie_lifetime to 0 so that the cookie expires when the browser is closed. Otherwise, users who assume that closing the browser will end their session will be surprised when they re-open their browser before the 20 minute timeout.

Edit regarding gc_xxxx settings

gc_probability = 1, gc_divisor = 1, gc_maxlifetime = 1200

1/1 implies PHP will check the date of session files for every session_start call.

gc_probability = 1, gc_divisor = 100, gc_maxlifetime = 1200

1/100 means PHP will check the date of session files randomly but approximately once per 100 session_start calls.

The date check itself consist of comparing session file's accessed time with gc_maxlifetime; it deletes the file if wasn't accessed in the past (e.g.) 20 minutes.

Having said that, if the cookie expires because of timeout (or closing of browser when timeout was 0) the session expires immediately since the browser stops sending the expired session id cookie; in which case PHP issues a new session id cookie. The session id file associated with the expired cookie becomes abandoned, does not get accessed anymore; therefore garbage collected anytime as described above.

Last, your specific issue can be resolved (i) by looking at the expiry date of session id cookie (ii) and remembering that cookies with timeout are not renewed when page is visited/refreshed.

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

How does that answer the question?
Yes it did not, I have now added the reference.
Am not used session_set_cookie_params and i have checked with session.cookie_lifetime = 0 also. But some time the timeout is happening.I have some other doubt also like, 1. My understanding is ,when we set session.gc_probability = 0.The GC will not happen. If GC not happen Session timeout also will not happen?
Gumbo's answer should explain how sessions and GC work. Plus you also need to check the cookies that are being exchanged. The sessions which appear to be expiring after 1 minute could be the ones that were started 19 minute ago. You are setting session.cookie_lifetime via ini_set which is same as using session_set_cookie_params.
For session.gc_probability = 0 session timeout will happen or not? How gc_probability & gc_divisor affecting GC. let say am setting value as below. Case 1 : gc_probability = 1 , gc_divisor = 100 ,gc_maxlifetime = 1200; Case 2 : gc_probability = 1 , gc_divisor = 1 ,gc_maxlifetime = 1200; What is the difference i can see in session timeout with above two cases.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.