View Full Version : session.gc_maxlifetime

10-25-2006, 06:27 PM
is session.gc_maxlifetime maximum session length or maximum inactivity?
I'm pretty sure in ASP sessions lengths were determined by inactivity, ie if you kept active and doing stuff then you stayed logged in - indefinately.
However, I'm not so sure in PHP.

On one of our sites we're having a problem that sessions are timing out in the middle of people doing stuff. Obviously this is a big problem because all the work that they were doing is then lost and they're faced with a login screen. The session.gc_maxlifetime is set to the default 1440s which should be long enough (if session length is determined by inactivity) but thats not seeming to be the case. I can be right in the middle of doing sometihng and get logged out - other times I can go away for ages and come back and still be logged in - its very frustrating and we're getting complaints from the marketting department ;)

10-25-2006, 07:15 PM
The session.gc_maxlifetime only sets the age of the session files that will be deleted when garbage collection runs.

If you have a busy web site with a lot of sessions being created, garbage collection will run based on session.gc_probability/session.gc_divisor. Despite this being called "probability" I tested this and it is strictly a count. Using the default gc_probability/gc_divisor of 1/100, this means that garbage collection will run every 100 new sessions (Edit: Actually this occurs within the session_start() coding and would count re-started sessions as well) and delete any existing session files that are older than the session.gc_maxlifetime. There is no file locking on the session files, so active session files will be deleted and things like users getting logged out will occur.

If this is on shared hosting and the session files are all kept in the default location and someone else is using a smaller session.gc_maxlifetime or a more frequent gc_probability/gc_divisor, then any of the session files will get deleted based on the lowest value of gc_maxlifetime and the most frequent gc_probability/gc_divisor.

You need to increase session.gc_maxlifetime or make session.gc_divisor larger and if this is on shared hosting, set session.save_path to be a location within your web space.

10-25-2006, 08:03 PM