> >> I'm using sessions for authentication in a content management system > and > >> experiencing rare but occasional problems with the session apparently > >> expiring unexpectedly. I've checked the manual and I've reviewed the > > session > >> configuration on the commericial host I'm using. I don't see anything > > wrong, > >> but there are some settings that I don't understand: > >> > >> session.gc_maxlifetime 1440 -- Garbage collection after 24 minutes? > Does > >> this mean that the session id and session variables will be cleared > after > > 24 > >> minutes of inactivity? (Surely not; that doesn't make sense.) And > cleared > >> from where, the directory specified in session.save_path? > > > > Yes and Yes. After 1440 seconds of not being accessed, they are deleted > the > > next time the garbage collection routine is ran. > > So how did my tests of going up to 2 hours without activity succeed?
Like I said, it's a probability thing. Garbage collection has a 1% chance of being iniated. It may take two hours for that 1% chance to hit and clean up any data that's over 1440 seconds old. Other times, it may hit it a couple times in a row quickly, so you lose your data very close to 1440 seconds. [snip] > > Another option would be to use session_save_path() within your > application > > to save the session files to a separate directory that's writable by the > web > > server. Since this directory is different from session.save_path > specified > > in php.ini, garbage collection will never occur, so the files will not > be > > deleted. > > This seems like the answer I was looking for. So the setting > session.gc_maxlifetime only relates to garbage collection from the /tmp > directory? If I use session_save_path() to define a different directory > for > saving session data, then garbage collection will never occur for that > directory? Garbage collection is only triggered in the directory identified by session.save_path, whatever it is. If you change it to something else in your code, it's not affected by garbage collection. > > Why not just use a cookie to "remember me" though, instead of keeping > the > > sessions persistant? You're going to end up with a file on your computer > for > > _every_ person that visits the site and the file will not go away. Seems > > like it'd be better to just use a cookie and load their data if it's not > > already present, like on their first visit. > > This is for a content management system, with less than 10 people > authorized > to access it, so I don't see the number of session files as a problem. Have fun! ---John W. Holmes... PHP Architect - A monthly magazine for PHP Professionals. Get your copy today. http://www.phparch.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
