Declaring Session Max Life Time in htaccess

Question

I am wondering whether we can declare session.gc_maxlifetime setting in .htaccess for the one particular project instead of whole web server?

If so, how

Answer 1

Yes, session.gc_maxlifetime is a PHP_INI_ALL setting so it can be overidden in .htaccess:

php_value session.gc_maxlifetime 2000

Also make sure that <Directory> entry in your Apache configuration supports override:

AllowOverride Options

It also may be possible that you misunderstood the purpose of this option. This option will not set the maximum life time of a session, it will set the amount of time after which the garbage collector will clean the session if it's not valid. This can be determined by a lot of factors, including access times, modification times, other INI options such as session.gc_probability and session.gc_divisor.

If you want to limit a session life time, use a proper mechanism for that, as described by @Gumbo in How do I expire a PHP session after 30 minutes.

Answer 2

As far I can see, the gc_maxlifetime value can be set anywhere:

http://php.net/manual/en/session.configuration.php

http://www.php.net/manual/en/configuration.changes.modes.php

So you could also set it via ini_set(...) in a php file included in all your pages.

Anyway, I think your code in the .htaccess should work as well. Maybe you missed something else, for example

php_value session.save_path "/PATH/TO/SESSIONS"

where PATH/TO/SESSIONS is the path of a folder where you have 777 access permissions.