
The question between session.gc_maxlifetime and session.cookie_lifetime

My first question in stackoverflow. Thanks in advance!

I am so confused about the PHP session mechanism. I have understood session.gc_maxlifetime from "PHP - ini_set('session.gc_maxlifetime', 5) - Why it doesn't end the session?". But I still don't know the difference between session.gc_maxlifetime and session.cookie_lifetime.

Question: What will happen if the time of session.cookie_lifetime is out? Will the session cookie be deleted from the client computer directly?

I need to figure out this question, then continue to ask something further.

Ruiwant asked Apr 01 '11 09:04



2 Answers

session.gc_maxlifetime is the time in seconds after which your session data could be considered as garbage data. In other words, you can say that it is the time an unused PHP session will be kept alive.

session.cookie_lifetime is the lifetime in seconds of session cookies, whether the session is alive or not. So the cookies will stay alive until the given time has elapsed.

See:
http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime
https://blogs.oracle.com/oswald/entry/php_session_gc_maxlifetime_vs

ahPo answered Oct 13 '22 10:10


The cookie lifetime is transmitted to the client. If the cookie has reached its lifetime, the client usually deletes it. So it is client-side. Also, a session can be alive even after the cookie is gone, since you can create the same cookie again, expand its lifetime, or transmit the session-id via the uri.

Hope that helps!

Legy answered Oct 13 '22 10:10
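
An added example, not taken from either answer: because cookie expiry is left to the client and session.gc_maxlifetime only marks data as eligible for garbage collection, a hard idle timeout has to be checked on the server as well. The 30-minute limit, the `last_activity` key and both function names are assumptions made for this sketch.

```php
<?php
declare(strict_types=1);

// Assumed policy for this example: 30 minutes of inactivity.
const IDLE_LIMIT = 1800;

/**
 * Server-side decision: is this session past its idle limit?
 * $session is the session array, $now a Unix timestamp.
 */
function session_idle_expired(array $session, int $now, int $limit = IDLE_LIMIT): bool
{
    // No timestamp yet means the session was only just created.
    if (!isset($session['last_activity'])) {
        return false;
    }
    return ($now - (int) $session['last_activity']) > $limit;
}

function start_checked_session(): void
{
    session_start([
        // Client side: the browser is asked to discard the cookie after this many seconds.
        'cookie_lifetime' => IDLE_LIMIT,
        // Server side: data idle for longer than this MAY be garbage-collected.
        'gc_maxlifetime'  => IDLE_LIMIT,
        // Reject session ids the server did not issue.
        'use_strict_mode' => 1,
    ]);

    if (session_idle_expired($_SESSION, time())) {
        // The data survived both settings, so enforce the limit here:
        // drop the contents, delete the old session and issue a new id.
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['last_activity'] = time();
}

// Constructed timestamps exercising the check without a browser.
if (PHP_SAPI === 'cli') {
    $now = 1700000000;
    var_dump(session_idle_expired(['last_activity' => $now - 60], $now));
    var_dump(session_idle_expired(['last_activity' => $now - 3600], $now));
}
```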