What reasons could there be for PHP to provide a new session ID to a Safari browser at absolutely random intervals?

Could the PHPSESSID cookie be expiring in the client? Or maybe something else, more complex?

A: 

In your php.ini file you have the config option

session.use_only_cookies

If this is set to true, PHP will use only cookies to keep track of the session.

Otherwise, PHP has a fallback method that uses GET if the browser has disabled cookies.

So if you set this option to false, sessions will also work if your Safari has cookies disabled.

However, this has a security drawback. Some users who copy your URL and send it to friends might copy the SID string with the URL and therefore reveal their session to their friends. If you store the SID in cookies only, this could not happen.

Regarding how long a session lives, have a look at the session.gc_maxlifetime config option:

session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up. Garbage collection occurs during session start.

JochenJung
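
To tell apart the causes raised above (the cookie not coming back from Safari, versus session data cleaned up on the server after session.gc_maxlifetime), the following added example, which is not part of the original answer, logs what each request actually carried. The function name `session_request_facts`, the `created_at` session key and the log prefix are hypothetical; it assumes PHP 7.4 or later.

```php
<?php
// Added diagnostic, not from the original answer. The function name and the
// 'created_at' session key are hypothetical.

function session_request_facts(array $cookies, array $query): array
{
    $name = session_name(); // "PHPSESSID" unless reconfigured
    $flag = fn(string $k): bool =>
        filter_var(ini_get($k), FILTER_VALIDATE_BOOLEAN);

    return [
        'use_only_cookies' => $flag('session.use_only_cookies'),
        'gc_maxlifetime'   => (int) ini_get('session.gc_maxlifetime'),
        'cookie_lifetime'  => (int) ini_get('session.cookie_lifetime'),
        'cookie_sent'      => isset($cookies[$name]), // did the browser return it?
        'sid_in_url'       => isset($query[$name]),   // SID leaked into the URL?
    ];
}

// Capture request facts before session_start() touches anything.
$facts = session_request_facts($_COOKIE, $_GET);
session_start();

// A session without our marker has no stored data behind it.
$fresh = !isset($_SESSION['created_at']);
if ($fresh) {
    $_SESSION['created_at'] = time();
}

if (!$facts['cookie_sent']) {
    // Also true on a genuine first visit.
    $facts['verdict'] = 'browser sent no session cookie (expired, blocked or first visit)';
} elseif ($fresh) {
    $facts['verdict'] = 'cookie sent but no stored data (server-side cleanup or unknown ID)';
} else {
    $facts['verdict'] = 'existing session resumed';
}

// Log a truncated hash so entries can be correlated without storing the raw ID.
$facts['sid_hash']   = substr(hash('sha256', session_id()), 0, 12);
$facts['user_agent'] = $_SERVER['HTTP_USER_AGENT'] ?? '';
error_log('session-diag ' . json_encode($facts));
```

Include it at the top of the affected pages and compare the log entries for Safari against another browser: a run of "no session cookie" verdicts points at the client, while "cookie sent but no stored data" points at the server.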