Thursday, November 19th, 2009
PHP: session.gc_maxlifetime vs. session.cookie_lifetime
PHP and sessions: Very simple to use, but not as simple to understand as we might want to think.
session.gc_maxlifetime
This value (default 1440 seconds) defines how long an unused PHP session will be kept alive. For example: A user logs in, browses through your application or web site, for hours, for days. No problem. As long as the time between his clicks never exceed 1440 seconds. It's a timeout value.
PHP's session garbage collector runs with a probability defined by session.gc_probability divided by session.gc_divisor. By default this is 1/100, which means that above timeout value is checked with a probability of 1 in 100.
session.cookie_lifetime
This value (default 0, which means until the browser's next restart) defines how long (in seconds) a session cookie will live. Sounds similar to session.gc_maxlifetime, but it's a completely different approach. This value indirectly defines the "absolute" maximum lifetime of a session, whether the user is active or not. If this value is set to 60, every session ends after an hour a minute.
Please correct the post
This value (default 0, which means until the browser's next restart) defines how long (in seconds) a session cookie will live. Sounds similar to session.gc_maxlifetime, but it's a completely different approach. This value indirectly defines the "absolute" maximum lifetime of a session, whether the user is active or not. If this value is set to 60, every session ends after a minute (60 seconds=1minute).
Yes, Mohammed is correct. Please fix this post.
Great post. But yes, the value is defined by seconds so it should be 3600 to define an hour. Cheers!
Hey Mohammed, maybe if you asked nicely, he'd actually do it.
Thanks Oswald for the illuminating post. You happen to be one of the top hits on the google search "gc_maxlifetime"