> From: Suhas <[EMAIL PROTECTED]> > > My general understanding is a session can be idle for > 1440 seconds. If a php page tried to refer to a session > which is been idle more than > 1440 seconds, there is very little chance that page will > access to session data.
Not quite. As long as a session file exists that matches the session ID passed to the page, it'll load the data. This occurs even if the session file is older than the maxlifetime limit. Here's how this works. By default, there is a 1% chance that a visit to a page with session_start() will trigger garbage collection. _IF_ garbage collection is triggered, it'll look in the session directory and delete session files that older than the maxlifetime setting (using the last access time, i think). If a request is made for a session ID whose matching file has been deleted, then the file is just created again, empty. Since garbage collection is triggered randomly, some session files can live for over the maxlifetime setting. If you have low traffic to your site, the 1% chance of triggering garbage collection may only occur every couple hours. So session lifetime will effectively be anywhere from 1440 seconds to hours. If you have a high-traffic site, then the lifetimes stay around the maxlifetime limit and only go over slightly. If you want to ensure sessions are timed out at a set time, then store the time the session is created within the session itself, check it upon each access for a "time out", and update the time upon each user action. I prefer the "good enough" solution of garbage collection, though, since most programs don't require a hard time out value. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
