Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

When does a PHP session end?

Tags:

php

session

I can't seem to find a definitive answer on the internet, so I'm asking here.

When one uses session_start(); in a .php script and saves some values, when does the session end? So when would those values not be accessible again?

I've found that refreshing the page or stopping the session code-wise would stop it, and a possible time-out would stop the session as well. But what about navigating away from the site and returning a minute later? And closing the browser?

As for the last one, on mobile, what does 'closing the browser' mean? Closing the tab or even minimalising the site?

like image 567
Joetjah Avatar asked Nov 21 '13 19:11

Joetjah


People also ask

How long does it take for a session to expire?

How long does a session last? By default, a session lasts until there's 30 minutes of inactivity, but you can adjust this limit so a session lasts from a few seconds to several hours.

How do I end a PHP session?

Destroying a PHP Session A PHP session can be destroyed by session_destroy() function. This function does not need any argument and a single call can destroy all the session variables. If you want to destroy a single session variable then you can use unset() function to unset a session variable.

What happens when a session expires PHP?

When the time duration between the $time variable and the user's last activity will be more than 5 seconds, then the current session of the user will be destroyed and a new session will be generated. The session_unset() and session_destroy() functions have used in the script to destroy the session.

What is default timeout of PHP session?

It depends on the server configuration or the relevant directives session. gc_maxlifetime in php. ini . Typically the default is 24 minutes (1440 seconds), but your webhost may have altered the default to something else.

What is the default lifetime of a session?

Session lifetime determines the maximum idle time of an end user's sign-on session to Okta. Lowering this value decreases the risk of malicious third party access to a user's applications from an active session. The maximum time allowed time for this setting is 90 days.


1 Answers

If your session values are not linked to any cookie, the session will end when the windows browser will be closed.

If your session variable comes from a cookie, the session will end after time specified in the cookie file.

In PHP, sessions work with a cookie of type session. Server-side, the session information is constantly deleted.

To set the lifetime of a cookie in php, you can use the function session_set_cookie_params, before the session_start:

session_set_cookie_params(3600,"/");
session_start();

For ex, 3600 seconds is a one hour, for 2 hours 3600*2 = 7200.

But it's a session cookie, the browser can make it expire by himself, if you want to save longer sessions (like remember login), you need save the data in the server and a standard cookie on the client side.

Navigating away from a site when using cookies will not break the session.

like image 143
DevWL Avatar answered Oct 14 '22 09:10

DevWL