Hi,

Can someone please tell me how long my session will last from the data below? - I'm not sure which one tells me

session.auto_start                 Off                    Off
session.bug_compat_42              Off                    Off
session.bug_compat_warn            On                     On
session.cache_expire               180                    180
session.cache_limiter              nocache                nocache
session.cookie_domain              no value               no value
session.cookie_httponly            Off                    Off
session.cookie_lifetime            0                      0
session.cookie_path                /                      /
session.cookie_secure              Off                    Off
session.entropy_file               no value               no value
session.entropy_length             0                      0
session.gc_divisor                 1000                   1000
session.gc_maxlifetime             1440                   1440
session.gc_probability             1                      1
session.hash_bits_per_character    5                      5
session.hash_function              0                      0
session.name                       PHPSESSID              PHPSESSID
session.referer_check              no value               no value
session.save_handler               files                  files
session.save_path                  /var/lib/php/session   /var/lib/php/session
session.serialize_handler          php                    php
session.use_cookies                On                     On
session.use_only_cookies           Off                    Off
session.use_trans_sid              0                      0
+2  A: 

This is the one. The session will last for 1440 seconds (24 minutes).

session.gc_maxlifetime  1440    1440
Lukáš Lalinský
A: 

If session.cookie_lifetime is 0, the session cookie lives until the browser is quit.

EDIT: Others have mentioned the session.gc_maxlifetime setting. When session garbage collection occurs, the garbage collector will delete any session data that has not been accessed in longer than session.gc_maxlifetime seconds. To set the time-to-live for the session cookie, call session_set_cookie_params() or define the session.cookie_lifetime PHP setting. If this setting is greater than session.gc_maxlifetime, you should increase session.gc_maxlifetime to a value greater than or equal to the cookie lifetime to ensure that your sessions won't expire.

Øystein Riiser Gundersen
Thanks, when I close the browser and open up the page again, I still see the same sessionId?
Keith Donegan
If your browser was still running, then, yes. The session cookie only expires when the browser application quits.
Øystein Riiser Gundersen
The cookie yes, but the session itself will expire after 24 minutes without any activity even if you keep the browser open.
Lukáš Lalinský
That's correct (and something I forgot to mention). I've edited my answer with an explanation of these settings.
Øystein Riiser Gundersen
It’s not the access time but the modification time.
Gumbo
+2  A: 

You're searching for gc_maxlifetime, see http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime for a description.

Your session will last 1440 seconds, which is 24 minutes (default).

svens
+14  A: 

In general you can say session.gc_maxlifetime specifies the maximum lifetime since the last change of your session data (not the last time session_start was called!). But PHP’s session handling is a little bit more complicated.

That is because the session data is removed by a garbage collector that is only called by session_start with a probability of session.gc_probability divided by session.gc_divisor. The default values are 1 and 100, so the garbage collector is only started in 1% of all session_start calls. That means even if the session is already timed out in theory (the session data had been changed more than session.gc_maxlifetime seconds ago), the session data can be used longer than that.

Because of that fact, I recommend that you implement your own session timeout mechanism. See my answer to How do I expire a PHP session after 30 minutes? for more details.

Gumbo
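
An application-level idle timeout of the kind recommended in the answer above, as an added example that is not part of the original answers. The constant names, the `last_activity` and `created` session keys, and the 300-second ID rotation interval are assumptions chosen for illustration.

```php
<?php
// Added example: enforce the idle limit in application code so expiry does
// not depend on when the probabilistic session garbage collector runs.
const IDLE_LIMIT   = 1440; // seconds of inactivity allowed (same as gc_maxlifetime above)
const ROTATE_AFTER = 300;  // assumed interval for issuing a fresh session ID

// Pure policy function: decides what to do with the given session data at
// time $now, so the rule can be checked without a live session.
function session_state(array $session, int $now): string
{
    if (isset($session['last_activity'])
        && $now - $session['last_activity'] > IDLE_LIMIT) {
        return 'expired';
    }
    if (!isset($session['created'])
        || $now - $session['created'] > ROTATE_AFTER) {
        return 'rotate';
    }
    return 'ok';
}

function start_session_with_timeout(): void
{
    // Keep the GC lifetime at least as long as our own limit so the data
    // is not collected before the application-level check would expire it.
    ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);
    session_start();
    $now = time();

    switch (session_state($_SESSION, $now)) {
        case 'expired':
            session_unset();              // clear $_SESSION
            session_destroy();            // delete the stored session data
            session_start();              // begin a new, empty session
            session_regenerate_id(true);  // do not keep the stale ID
            $_SESSION['created'] = $now;
            break;
        case 'rotate':
            session_regenerate_id(true);  // new ID, old data file removed
            $_SESSION['created'] = $now;
            break;
    }
    $_SESSION['last_activity'] = $now;    // every request counts as activity
}
```

Call `start_session_with_timeout()` in place of `session_start()` at the top of each request, before any output is sent.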