Menu
Is session_start() supposed to extend the life of the session ID cookie by the session.gc_maxlifetime variable?
My session.gc_maxlifetime is 24 minutes, and each session is only living 24 minutes regardless of additional activity on the site. I get my session, refresh the page, and the expiration time does not change. This results in a logout after 24 minutes of login, no matter what. Is there something wrong with my configuration?
900
Extend the life of a cookie beyond the current browser session by setting an expiration date and saving the expiry date within the cookie. This can be done by setting the 'expires' attribute to a date and time.
To set a cookie so it expires at the end of the browsing session, simply OMIT the expiration parameter altogether. Save this answer.
Cookies without an Expires or Max-Age attribute are treated as session cookies, which means they are removed once the browser is closed. Setting a value on either Expires or Max-Age makes them permanent cookies, since they will exist until they hit their expiry date.
I had problem with this too. I was thinking that each
session_set_cookie_params($sessionTime, '/', $domain);
session_start();
causes that expiration time for cookie PHPSESSID is extended. But really cookie PHPSESSID is set by session_start() only first time in session when new session id is generated.
My goal was that session expiration time should regenerate each time a page was opened. I figured out that session can expire because of two reasons:
session_start(), so session will always expire because of cookie with expiration time.ini_set('session.gc_maxlifetime', $sessionTime).Solution in this case is when you won't set expiration time for cookie, but session.gc_maxlifetime is still set:
function my_session_start($maxtime = 300)
{
ini_set('session.gc_maxlifetime', $maxtime);
session_set_cookie_params(0, '/', "." . $domain);
session_start();
}
Most important is 0 in session_set_cookie_params(0, '/', "." . $domain) then cookie won't expire and there is no need to extend its expiration time. This cookie will be removed when browser is closed. Then we are limited only by time which expires on server side.
I had also problems with that I couldn't extend PHP session time by jQuery Ajax PINGs because of that I had set expiration time for PHPSESSID in cookie. 0 resolves all problems with not expected ends of sessions. Sorry for my English. Good luck.
77
I've noticed this behavior in PHP and tried every configuration on PHP but no luck so far.
My sessions were dying on exact time from first session_start(), lookig at cookie lifetime, it was not renewing its expiry time.
My application already has an important client count, about 60 connections per second, so the GC was hit every 1.5s (i guess).
My solution for cookie time not extending was something like this (It may seem not to elegant, but worked for me).
function my_session_start($maxtime = 300){
// $maxtime = 300 for 5 minutes
session_start( [ 'gc_maxlifetime' => $maxtime ] );
$_sess_name = session_name();
$_sess_id = session_id();
setcookie( $_sess_name, $_sess_id, time() + $maxtime, '/' );
}
It's my particular solution, as the question says "session ID cookie". May not be the optimal, but indeed it works for me!
39
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
