I'm using sessions for authentication in a content management system and experiencing rare but occasional problems with the session apparently expiring unexpectedly. I've checked the manual and I've reviewed the session configuration on the commericial host I'm using. I don't see anything wrong, but there are some settings that I don't understand:
session.gc_maxlifetime 1440 -- Garbage collection after 24 minutes? Does this mean that the session id and session variables will be cleared after 24 minutes of inactivity? (Surely not; that doesn't make sense.) And cleared from where, the directory specified in session.save_path? session.save_path /tmp -- The session id and session variables are stored in this directory, and it's more secure to specify a different directory. Is it more stable to specify a different directory? Is it more stable to use a database? session.cache_expire 180 -- The cache expires after 3 hours? If session.cache_limiter is set to nocache, is session.cache_expire relevant? Basically, I want users to be able to stay logged in to the content management system indefinitely, but my tests show that after about 2 hours of inactivity, the session expires. (Going to a different page causes the session variable that identifies the user to be checked with session_is_registered(), and access is denied if the variable isn't registered.) Some users have reported this happening after about 30 minutes. I'm on LInux, PHP 4.1.2, session.cookie_lifetime setting is 0, session.use_cookies setting is On, session.use_trans_sid setting is 1, and other configurations as mentioned above. Why are sessions expiring? Comments and directions to more information are appreciated. -- Lowell Allen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
