session override in .htaccess, and even php ini_set not working

Question

UPDATE

PHP ini settings

Directive | Local Value | Master Value

session.auto_start Off Off

session.cache_expi

Answer 1

ini_set('session.gc_maxlifetime', 3600000); sets the lifetime of session files for the currently running script only. If other scripts are startet, the have their own (default) setting. A session file is removed when its lifetime has expired and the garbage collection is invoked.

Note: If different scripts have different values of session.gc_maxlifetime but share the same place for storing the session data then the script with the minimum value will be cleaning the data. In this case, use this directive together with session.save_path.

http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime

This means that each script accessing the session folder, even foreign sites depending on shared hosting configuration, can have its own lifetime setting and therefore delete session files in the configured folder. Thus you should also set the session.save_path to a writeble folder under your control. All scripts accessing a session within that save path need to be configured with the intended settings. See also the PHP function session_save_path.

Further more the session garbage collection does not run on every script start by default. You can configue this by session.gc_probability and session.gc_divisor. Set both, probability and divisor, to 1.

Note that passing an integer value to ini_set results into a fatal error. It should be a string value: ini_set('session.gc_maxlifetime', '3600000');.