How does Codeigniter's sess_time_to_update work

Question

based on the following question/answer CodeIgniter session class not working in Chrome

I had the problem where people are unable to login to my website from another country which is far from the US server. After searching online I've stumbled upon a suggestion which describes how the the problem is based on the difference between the server's timezone and the user's timezone. So, by extending the session_expiration I've managed to get around the problem and people are able to log in successfully.

My questions is whether the sess_time_to_update creates a new timestamp and it will logout the user because the new timestamp is in the wrong timezone? Do I have to make the new sess_time_to_update 17+ hours so that it covers the broadest range of timezones as explained in the question that I've linked. Is there some other way of storing the session at the user's browser based on their localtime (without asking them to choose timezones in the profiles and other sorts of user unfriendly schemes). I would like to have a 2h default session expiration time + the 800sec. update time. I'm not using the database to store the session and I would rather not use it.

Answer 1

The sess_time_to_update setting is how often the session details (such as last activity) are updated. The default is every 5 minutes (300 seconds) and a new session ID will be generated. This would reset the expiration date based on the sess_expiration setting.

I would suggest keeping the sess_time_to_update at the default (or lower) as that would keep the user session alive longer since the session expiration would keep getting reset. The only setting that may need to remain high would be sess_expiration, that is unless you can determine the users timezone.

There are a couple of ways you could try to determine the users timezone. One would be Javascript (Example: Client Side Timezone Offsetting) or you could try using PHP's GEOIP Methods.