PHP session timeout htaccess file

Question

Hi i\'m new to programming but am currently working on a session timeout problem. Basically my session keeps timing out even though i\'ve changed the session.gc_maxlifetime. I

Answer 1

PHP doesn't do with session cookies what you might think it does...

php_value session.gc_maxlifetime "86400"

This merely sets the time after which garbage collection may occur - since there's only a very small chance that the session data will be garbage collected after this time this is unlikely to be the culprit.

php_value session.cookie_lifetime "86400"

This sets the time at which the session cookie expires... but it doesn't update at session_start() therefore, if you start the session on one page, that sets the clock ticking. Moving from page to page won't reset the "clock" so a session with a cookie_lifetime of 600 will expire 10 minutes after it was started not after 10 minutes of inactivity - you may be seeing this behaviour.

Your best bet is to set php_value session.cookie_lifetime "0" this means that the session cookie will expire only when the user closes their browser.

If you want to handle an arbitrary expiry that triggers after a period of inactivity it's best to do that in the PHP code by setting a variable within the session, something like $_SESSION['expires'] and checking/updating/handling that at the start of every page.