How to accurately set the session expiration time in php

Source: Internet
Author: User
Tags garbage collection session id php session phpinfo sessions tmp folder

In PHP, set php. ini and find session. gc_maxlifetime = 1440 #(PHP5 is 24 minutes by default)

You can set the expiration time as needed, but some people say that it does not work after the setting!

In fact, it is not ineffective, but because the system default:

Session. gc_probability = 1

Session. gc_divisor = 1000

The garbage collection has a probability that 1/1000 means that the session is recycled only once for 1000 times.

As long as your traffic volume is high, the recovery effect can be achieved.

Otherwise, you can set the value of session. gc_divisor,

For example: session. gc_divisor = 1, so that you can see the effect of SESSION expiration.

The most common method is to set

The code is as follows: Copy code

<? Php
If (! Isset ($ _ SESSION ['last _ access']) | (time ()-$ _ SESSION ['last _ access'])> 60)
$ _ SESSION ['last _ access'] = time ();

This is done. If you want to set an expiration date, you can also implement the instance in the program.

<? Php
Unset ($ _ SESSION ['last _ access']) or $ _ SESSION ['last _ access'] = '';

The session has an expiration mechanism.

Session. gc_maxlifetime the original session expiration is a small probability event, respectively using session. gc_probability and session. gc_divisor is used to determine the probability of gc sessions in the running session. gc_probability and session. the default gc_divisor values are 1 and 100, respectively.

The probability of gc running in the session is 1% for the numerator and denominator respectively. If you modify these two values, the efficiency of php is reduced. So this method is not correct !!

Therefore, modifying the gc_maxlifetime variable in the php. Ini file can prolong the session expiration Time: (for example, we can change the Expiration Time to 86400 seconds)

The code is as follows: Copy code

Session. Gc_maxlife time = 86400

Then, restart your web service (generally apache.

When will session "recycle" occur?

By default, every php request will have a 1/100 probability of recovery, so it may be simply understood as "every 100 php requests will be recycled once ". This probability is controlled by the following parameters:

The code is as follows: Copy code

# The probability is gc_probability/gc_divisor.
Session. gc_probability = 1
Session. gc_divisor = 100

Note 1: assume that gc_maxlifetime = 120. If the last modification time of a session file is before 120 seconds, before the next recovery (1/100 probability, this session is still valid.

Note 2: If your session is saved elsewhere in session. save_path, the session recycle mechanism may not automatically process expired session files. In this case, you need to manually (or crontab) delete expired sessions: cd/path/to/sessions; find-cmin + 24 | xargs rm

PHP session never expires

It is the best way not to modify the program, because if you modify the program, the test department will be very depressed, like me, so you can only modify the system environment configuration, in fact, it is very simple, open php. ini settings file. Modify the following three lines:

1. session. use_cookies
Set this value to 1 and use cookie to pass sessionid

2. session. cookie_lifetime
This indicates the time when SessionID is stored in the client Cookie. The default value is 0, indicating that the session id will be voided once the browser closes it ...... This is why PHP sessions cannot be used permanently! So let's set it to a number that we think is big. How about 999999999? Yes! That's it.

3. session. gc_maxlifetime
This is the time when Session data is stored on the server. If this time is exceeded, Session data will be automatically deleted! Then we set it to 99999999.

So everything is okay. If you don't believe it, test it. Set a session value for 10 days and half a month, if your computer is not powered off or down, you can still see this sessionid.

Of course, you may not be able to modify php just as lucky as you do not have permission to control the server. ini settings, everything depends on ourselves. Of course, we must use the client to store cookies. The sessionID is stored in the client's cookie and the cookie value is set, then pass the value to the session_id () function. The procedure is as follows:

The code is as follows: Copy code

<? Php
Session_start (); // start the Session
$ _ SESSION ['count']; // registers the Session variable count.
Isset ($ PHPSESSID )? Session_id ($ PHPSESSID): $ PHPSESSID = session_id ();
// If $ PHPSESSID is set, the SessionID is assigned to $ PHPSESSID. Otherwise, the SessionID is generated.
$ _ SESSION ['count'] ++; // variable count Plus 1
Setcookie ('phpsessid ', $ PHPSESSID, time () + 3156000); // store the SessionID to the Cookie
Echo $ count; // display the value of the Session variable count

Session failure does not pass

First, write a php file: <? = Phpinfo ()?>, Upload it to the server to check the server parameter configuration.

Go to the session section and check that the session. use_trans_sid parameter is set to zero.

This parameter specifies whether transparent SID support is enabled, that is, whether the session is transmitted along with the URL. In my personal understanding, once this parameter is set to 0, each URL will start a session. In this way, the session of the previous page cannot be tracked, that is, the session of the previous page cannot be passed. The two pages generate two session files on the server without Association. (I don't know, do you? Please advise .)

Therefore, in the configuration file php. ini, change the value of session. use_trans_sid to 1.

Of course, we know that not everyone has the permission to modify the php configuration. So what indirect solutions are there?

The following describes two instances:

The code is as follows: Copy code

File 1 test1.php

<? Php
// Indicates that the session is identified by the user ID.
Session_id (SID );
// Start the session
Session_start ();
// Assign the session name to Havi
$ _ SESSION ['name'] = "Havi ";
// Output the session and set the hyperlink to test2.php on the second page
Echo "<a href =" test2.php ">". $ _ SESSION ['name']. "</a> ";


File 2: test2.php

<? Php
Indicates that the session is identified by the user ID.
Session_id (SID );
// Start the session
Session_start ();
// Output the session passed in test1.php.
Echo "This is". $ _ SESSION ['name'];

Therefore, the focus is to add session_id (SID); before session_start ();. In this way, the server uses the session saved in the session folder of the server during page conversion, solved the transfer problem.

However, some shoes will reflect that, as a result, the session value of multiple users is written in one SID, and the Session value cannot be realized. To solve this problem, you do not need to add session_id (SID). The premise is that you have the permission to configure php. ini on the server:

If you change output_buffering to ON, the table will not be displayed.

The second possible cause is that you do not have the read permission on the folder where the session is saved on the server, or go back to phpinfo. php to view the address saved by the session:

The code is as follows: Copy code

Session. save_path: var/tmp

Check whether the var/tmp folder is writable.

Write a File: test3.php to test it:

The code is as follows: Copy code

Echo var_dump (is_writeable (ini_get ("session. save_path ")));

If bool (false) is returned to prove that the folder write permission is restricted, change the folder and add the following to your webpage:

The code is as follows: Copy code

// Set the session subfolders in the current directory as the session storage path.
$ SessSavePath = dirname (_ FILE _). '/session /';

// If the new path is readable and writable (you can change the folder attribute to 777 on FTP), the path will take effect.
If (is_writeable ($ sessSavePath) & is_readable ($ sessSavePath ))
{Session_save_path ($ sessSavePath );}

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.