How PHP modifies the session lifetime

How to modify the session lifetime

Let's set the lifetime of the Session manually:

<?php
Session_Start ();
Save the day
$lifeTime = 24 * 3600;
Setcookie (Session_name (), session_id (), time () + $lifeTime, "/");
? >
In fact, the Session also provides a function session_set_cookie_params (); To set the lifetime of the Session, the function must be called before the session_start () function call:
<?php
Save the day
$lifeTime = 24 * 3600;
Session_set_cookie_params ($lifeTime);
Session_Start ();
$_session["Admin"] = true;
? >
If the client uses IE 6.0, Session_set_cookie_params (); There are some problems with the function setting cookie, so let's call the Setcookie function manually to create a cookie.
Session Expiration time setting in PHP
Many people on the Web have given answers: Modify the Session.gc_maxlifetime in the PHP configuration file. If you want to learn more about the session recycling mechanism, continue reading. (This article Environment php5.2)

Overview: Every PHP request, a 1/100 probability (default) triggers a "session recycle". If "Session recycling" occurs, then the/tmp/sess_* file is checked, and if the last modification time is now more than 1440 seconds (gc_maxlifetime value), it is deleted, which means that the session expires.

1. How does the session exist on the server side (typically Apache with PHP module)?

By default, PHP will save the session in the/tmp directory, the file name looks like this: sess_01aab840166fd1dc253e3b4a3f0b8381. Each of the files corresponds to a session.

more/tmp/sess_01aab840166fd1dc253e3b4a3f0b8381
Username|s:9: "Jiangfeng"; admin|s:1: "0″;
#变量名 | Type: Length: Value
Delete the session file here, it means that the corresponding session is invalid.

2. How does the session exist on the client side (typically a browser)?

Session on the browser side, only need to save the session ID (generated by the server side of the unique ID). There are two ways to save: In a cookie, in a URL. If you save the session ID in a cookie, you can see a phpsesid variable in the browser's cookie. If the URL is passed, you can see the shape as follows:
Index.php? The URL of the phpsesid=01aab840166fd1dc253e3b4a3f0b8381. (Use Session.use_cookies to control which method is used on the server side)

3. On the server side, how does PHP determine if the session file expires?

If the "Last modified time" to "now" exceeds Gc_maxlifetime (default is 1440) seconds, the session file is considered to be out of date, the next time the session is recycled, if the file is still not changed, The session file will be deleted (the session will expire).

To put it simply, if I log in to a Web site, if there is no action within 1440 seconds (the default), then the corresponding session is considered to be out of date.

Therefore, modifying the gc_maxlifetime variable in the php.ini file can prolong the session Expiration time: (for example, we change the expiration time to 86,400 seconds)

Session.gc_maxlifetime = 86400
Then, restart your Web service (typically Apache).

Note: The PHP5 inside session expires using the recycle mechanism. This setting time is 86,400 seconds, if the session has not been modified in 86,400 seconds, then the next "recycling" is really deleted.

3. When does the session "recycle" occur?

By default, every PHP request will have a 1/100 probability of recycling, so it might simply be understood as "one recovery per 100 PHP requests". This probability is controlled by the following parameters

#概率是gc_probability/gc_divisor
session.gc_probability = 1
Session.gc_divisor = 100
Note 1: Assuming this situation is gc_maxlifetime=120, if the last modification time of a session file is 120 seconds ago, the session will still be valid until the next recovery (1/100 probability) occurs.

NOTE 2: If your session uses Session.save_path to save the session,session recycle mechanism, it is possible that the expired session file will not be processed automatically. At this time need to regularly manually (or crontab) Delete expired session:cd/path/to/sessions; Find-cmin +24 | Xargs RM

4. Some special cases

Because the recycle mechanism will check the file's "Last Modified time", so if a session is active, but the content of session has not changed, then the corresponding session file has not changed, the recycling mechanism will consider this is a long time inactive session and delete it. This is something we don't want to see, and can be solved by adding the following simple code:

<?php
if (!isset ($_session[' last_access ')) | | (Time ()-$_session[' last_access ')) >60)
$_session[' last_access '] = time ();
?>
The code will attempt to modify the session every 60 seconds.

Summary: If you want to modify the session expiration time, modify the variable gc_maxlifetime on it. The PHP5 session uses a passive recovery mechanism (garbage collection). The expired session file does not disappear by itself, but instead causes the expired session to be processed by triggering "recycle".

How PHP modifies the session lifetime