Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What php.ini settings are required to allow a session to remain active for approximately two days?

Tags:

php

config

http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime

says that a session.cookie_lifetime of 0 "goes until the browser is closed". Is that the absolute maximum length that the session can have (always wiped when the browser is closed), or would setting a session.cookie_lifetime of, say, 23243245234 yeild a result that would probably last beyond whenever the browser is closed?

More to the point, what php.ini settings would I need to set to make sessions last somewhere along the lines of two days, and is there a security reason to recommend a certain (I would expect lower) time limit, and if so what would the recommended period be?

Intended behavior Edit: Here is what I want to achieve, perhaps I'll be able to understand the behavior by getting some settings suggestions as opposed to the specific values of the php.ini settings:

I want the session to last as long as possible, up to (approximately) two days. If the session can last beyond browser close, I would like it to do so (up to approximately two days).

What would I set for php.ini settings (and yes, I have direct edit access to the php.ini) to acheive that?

like image 732
Kzqai Avatar asked Apr 07 '11 06:04

Kzqai


People also ask

What should be the setting for PHP INI?

The php. ini file is the default configuration file for running applications that require PHP. It is used to control variables such as upload sizes, file timeouts, and resource limits.

How do you increase the session expire time in PHP?

Your answer if(time() - $_SESSION['login_time'] >= 1800){ session_destroy(); // destroy session. header("Location: logout. php"); die(); // //redirect if the page is inactive for 30 minutes } else { $_SESSION['login_time'] = time(); // update 'login_time' to the last time a page containing this code was accessed. }

How long do PHP session variables last?

By default, session variables last until the user closes the browser. So; Session variables hold information about one single user, and are available to all pages in one application.


1 Answers

There are two parameters you need to worry about regarding sessions. The first is the TTL for the cookie, the other is how old a session data file can become before it gets garbage collected.

session.cookie_lifetime determines, in seconds, how long the cookie sent to the browser will last. It defaults to 0, which means until the browser closes. For two days it'd need to be 172800 seconds.

session.gc_maxlifetime determines, also in seconds, how long before session data marked on the server will be regarded as garbage and can be deleted.

Setting these two ini directives should give you sessions that survive for two days, except for one more thing of which you need to be aware.

Some operating systems do automated garbage collection on their default temporary directories. If PHP is configured to store session data there, then if the GC period for the temp directory is short you may find yoruself losing your session before the value in session.gc_maxlifetime is reached. To avoid this, make sure PHP is storing session data to a location other than /tmp or whatever the temporary directory of your host operating system is.

like image 121
GordonM Avatar answered Oct 01 '22 05:10

GordonM