I have read dozens of solutions to this and tried almost every one of them, but my sessions time out quickly anyway. I'm using a Debian installation and have set the max variable in /usr/lib/php5/maxlifetime to 86400. I've also set session.gc_maxlifetime = 86400 in php.ini. I've made the session cookie valid for one hour and every time I reload the page I update it with another hour. I have tried setting ini_set("session.gc_maxlifetime", "86400"); in my front controller. However, nothing helps. If I log in to my site and wait about 20 minutes, the next time I click a link on the page I will be logged out. The session cookie is still valid and the session file in /var/lib/php5 still exists. I just don't get it. I should also mention that I use Parallels PLESK on the system and it has made a lot of modifications to the standard Debian install, but I don't think that's the problem. Anyone?
Is it possible you have something in a .htaccess conflicting with everything else? And are you sure you do not set this somewhere else in your code or some custom php.ini? Every time I have such problems I finally realise I forgot ONE place.
It's entirely possible there's more than one .ini being loaded and the one you made your session changes to is being overridden by one loaded later in the chain. Dump out a phpinfo() where your session validation/login code is and see what the session settings are. Part of the output will also be a list of the .ini files that were loaded.
I'm not sure if this will help, but make sure you're using both ob_start() & session_start();
ob_start();
session_start();
That's weird. A solution could be to implement a "Remember Me" feature with a cookie. I know sessions can be very fickle: if you log in on another comp, or the same comp but a different browser, the cookie could be destroyed.
Also is the session really getting destroyed? Or is a new session being generated?
Does php -i | grep session.cookie_lifetime (at console) or phpinfo() (in script) verify your change to the cookie lifetime parameter?
If you use Firefox, try installing the Web Developer Toolbar and Firebug to inspect the cookies and network activity. This is a very useful combination for me when investigating issues where the hash value of a session cookie changes.
It's also possible that somewhere in your code or libraries you have a call to session_set_cookie_params() that's overloading your expected behavior. You can inspect cookies with either of the extensions above to verify their expiration.
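The checks suggested in the answers above (which .ini files were loaded, whether a session setting is overridden per directory or at runtime, and what cookie parameters are in effect), collected into one script. This is an added example, not code posted by anyone in the thread; the function name session_config_report() and the choice of keys are assumptions, and it should be included from the front controller after the application's own setup has run.

```php
<?php
// Added diagnostic sketch (not from the thread). Run it through the web
// server in the same vhost as the login code: the CLI usually loads a
// different php.ini, so `php -i` alone can be misleading.

function session_config_report(array $keys)
{
    $report = array(
        'loaded_ini'  => php_ini_loaded_file(),    // main php.ini path, or false
        'scanned_ini' => php_ini_scanned_files(),  // extra .ini files, or false
        'settings'    => array(),
    );

    // With details=true each entry carries global_value (from the .ini
    // files) and local_value (after .htaccess, vhost config or ini_set()).
    $all = ini_get_all('session', true);
    foreach ($keys as $key) {
        if (!isset($all[$key])) {
            continue;
        }
        $master = $all[$key]['global_value'];
        $local  = $all[$key]['local_value'];
        $report['settings'][$key] = array(
            'master'     => $master,
            'local'      => $local,
            'overridden' => ($master !== $local),
        );
    }

    // Reflects any earlier session_set_cookie_params() call in the request.
    $report['cookie_params'] = session_get_cookie_params();

    return $report;
}

// Settings named in the thread, plus the directory the session files live in.
$keys = array(
    'session.gc_maxlifetime',
    'session.cookie_lifetime',
    'session.save_path',
);

header('Content-Type: text/plain');
print_r(session_config_report($keys));
```

An entry with overridden set to true means the effective value does not come from the php.ini files listed at the top. Remove the script once the check is done, since its output discloses server paths and configuration.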