tags:

views:

87

answers:

3
Q: 

everlasting sessions in PHP

Is it possible to configure PHP sessions to never expire? I currently have the default 24 minutes set in php.ini - I could whack this up to a couple of weeks or something like that but I was wondering if I can set them to infinite lifetime?

I want to achieve a similar effect to Stackoverflow's: I never have to log in here. Is this achieved on SO with a never-expiring session or some other means?

Also, as a secondary question: How do the expired session files get cleaned up? If someone creates a session and never returns, which process is cleaning up their expired file?

+7  A: 

Normally, what appears to be an everlasting session is two things: a session, which expires pretty soon, and a very long-life cookie containing an auto-login token.

There's a great series of responses on sessions and logging-in contained in this StackOverflow question: The Definitive Guide To Website Authentication

Regarding your question about when sessions are cleaned up, there are several php.ini settings for controlling when the garbage collection for sessions is triggered.

Paul Dixon  2009-10-26 21:08:53
+1  A: 

Since PHP both allows and encourages you to create your own session data storage handlers, there is no single correct answer to this question.

Azeem.Butt  2009-10-26 21:19:15
+1  A: 

Answer to secondary question

Session file cleanup is controlled by the following 3 php.ini settings:

  • session.gc_probability (default value 1)
  • session.gc_divisor (default value 100)
  • session.gc_maxlifetime (specified the age after which the session is considered as garbage)

First 2 settings specify the probability of the garbage collection process being started at session start (before or at the very beginning of your script execution, depending on how you have set things up)

In default configuration there is a 1% probability then that this happens. If it does, then files that are older than maxlifetime are cleaned.

As for your first question - why not write a custom session handler, that stores sessions inside the database (if you have one). That way you can see and control the sessions right from inside the database. Handy :)

Anti Veeranna  2009-10-26 21:20:14

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases