View Full Version : Increasing Session length

05-14-2008, 01:45 PM
I need to increase the session length but nothing I've tried has worked. This is on a vps so while technically its a shared server, I don't think it should suffer from the problems associated with shared servers. Also the site is new (still under development) and so has negligible traffic.

gc_maxlifetime is set to 0 (I read on php.net this would make the session last til the browser was closed)
gc_divisor = 100
gc_probability = 0

Is there something else I should be setting? (Basically, the client just spent 40 minutes filling in a form, only to be bounced back to login)

05-14-2008, 02:05 PM
The first one should be session.cookie_lifetime (setting gc_maxlifetime to zero would cause all session data files to be deleted every time GC runs.)

Setting gc_maxlifetime to a longer value should work. As long as the session.save_path points to a folder that only your instance of the VPS uses, your gc_maxlifetime setting should apply. How are you setting these and have you verified their actual runtime values using a phpinfo(); statement?

Setting gc_probability = 0 should stop GC (I don't recall if the code use less-than < or less-than and equal-to <= in the comparison.)

It could be that sessions are not working at all.

Edit: I looked at the C source code again and the GC logic use less-than <, so, setting gc_probability = 0 does stop GC.

05-14-2008, 02:11 PM
you could just do <&#37; Server.ScriptTimeout = 1000 %>

where 1000 = how many seconds you want to allow

05-14-2008, 02:14 PM
you could just do <% Server.ScriptTimeout = 1000 %>

where 1000 = how many seconds you want to allow

VB isn't really going to help in a PHP script is it now.

05-14-2008, 04:11 PM
cookie_lifetime =0

sessions are definitely working. The session still times out <1 hour (I'm going to time how long it is)

05-14-2008, 04:21 PM
ok what about someting liek this

// Get the current Session Timeout Value
$currentTimeoutInSecs = ini_get('session.gc_maxlifetime');
echo "\nDefault timeout = ".$currentTimeoutInSecs." seconds\n";

// Change the session timeout value to 30 minutes
ini_set('session.gc_maxlifetime', 30*60);
$currentTimeoutInSecs = ini_get('session.gc_maxlifetime');
echo "Altered timeout = ".$currentTimeoutInSecs." seconds\n";

session_start needs to be below for it to effect that session

05-14-2008, 04:45 PM
Setting session.cookie_lifetime = 0 isn't going to help if your session.gc_maxlifetime is still 0. You'll need to set session.gc_maxlifetime to something reasonably high. 86400 (1 day) may be appropriate.

If that still doesn't work, I've sometimes found my session lifetime settings being defeated by session cleanup scripts that fail to acknowledge my session.gc_maxlifetime (cron jobs that have their own setting that also has to be changed, rather than pulling the value out of php.ini). Investigating that will require digging into what your system is doing about session cleanup.

05-14-2008, 05:01 PM
Turns out it was some special debian thing.