How to set the exact session expiration time in PHP _php tips

Most of the time we use the default setting for session expiration, and we can set the session expiration time for some special requirements.

For this, you can set php.ini in PHP, find session.gc_maxlifetime = 1440 # (default 24 minutes for PHP5)
Here you can set the expiration time casually. But some people say that after setting, it doesn't seem to work!
It's not that it doesn't work, it's because the system defaults:

session.gc_probability = 1
session.gc_divisor = 1000

Garbage collection has a probability, 1/1000 is the session 1000 times to be recycled.
as long as you have a large number of visits, it can achieve the effect of recycling.
Or you can set the value of Session.gc_divisor,
For example:session.gc_divisor = 1, so you can obviously see the effect of the session expiration.

Our most common use is to set up in a PHP program, as shown in the following example program:

<?php
if (!isset ($_session[' last_access ')) | | (Time ()-$_session[' last_access ') >60)
$_session[' last_access '] = time ();
? >

This is done, and you can implement it in your program if you want to set the expiration date:

<?php
unset ($_session[' last_access '));//or $_session[' last_access ' ']= ';
? >

The session has expired mechanisms:

Session.gc_maxlifetime the original session expiration is a small probability event, using session.gc_probability and Session.gc_divisor respectively to determine the probability of the GC in the running session The default values for Session.gc_probability and session.gc_divisor are 1 and 100, respectively. For numerator and denominator, the probability of a GC in session is 1%. If you modify these two values, you can reduce the efficiency of PHP. So this method is wrong!!
Therefore, modifying the gc_maxlifetime variable in the php.ini file can prolong the expiration of the session: (for example, we modify the expiration time to 86,400 seconds)
Session.gc_maxlifetime = 86400
Then, restart your Web service (typically Apache).

When the session "Recycle" occurs:

By default, each time a PHP request, there will be 1/100 of the probability of recycling, so it may be simply understood as "every 100 times PHP request has a recycle." This probability is controlled by the following parameters
#概率是gc_probability/gc_divisor

session.gc_probability = 1
session.gc_divisor = 100

Note 1: Assuming this situation is gc_maxlifetime=120, if a session file is last modified 120 seconds ago, the session will still be valid until the next time the recovery (1/100 probability) occurs.

NOTE 2: If your session uses Session.save_path to save the session,session recycle mechanism, it is possible that the expired session file will not be processed automatically. This requires a timed manual (or crontab) deletion of expiredsessions:

Cd/path/to/sessions; Find-cmin +24 | Xargs RM

The session in PHP never expires

Do not modify the program is the best way, because if you modify the program, the test department must be very depressed, then can only modify the system environment configuration, in fact very simple, open php.ini settings file, modify three lines as follows:

1, Session.use_cookies

Set this value to 1, using a cookie to pass the SessionID

2, Session.cookie_lifetime

This represents the SessionID in the client cookie store time, the default is 0, on behalf of the browser a close sessionid on the void ... That's why PHP's session cannot be used permanently! So let's set it to a number that we think is big, how about 999999999, yes! That's it.

3, Session.gc_maxlifetime

This is the session data stored on the server side of the time, if more than this time, then the session data will be automatically deleted! So we also set it to 99999999.

It's all OK, of course you don't believe it. Test it--set a session value after a 10-day half-month return to see if your computer is not powered down or down, you can still see the SessionID.

Of course, maybe you don't have the right to control the server. Not as lucky as I can modify the php.ini settings, all rely on our own also have a way, of course, we must use the client to store cookies, the resulting sessionid stored in the client's cookie, Set the value of this cookie, and then pass this value to the session_id () function, as follows:

<?php
session_start ()//start session 
$_session[' count ';//Register Session variable Count 
isset ($PHPSESSID)? session_id ($PHPSESSID): $PHPSESSID = session_id (); 
If $phpsessid is set, the SessionID is assigned to $PHPSESSID, otherwise the SessionID 
$_session[' count ']++ is generated;//variable count plus 1 
setcookie (' Phpsessid ', $PHPSESSID, Time () +3156000); Stores the echo $count in the cookie SessionID 
;//Displays the value of the session variable count 
?>

Session failure not delivered

We first write a PHP file: <?=phpinfo (), upload to the server to see the server's parameter configuration.
Go to the session section and see that the SESSION.USE_TRANS_SID parameter is set to zero.
This parameter specifies whether transparent SID support is enabled, that is, whether the session is passed along with the URL. My personal understanding is that once this parameter is set to 0, then each URL will start a session. This way the back page will not be able to track the previous page of the session, which is what we say cannot be delivered. Two pages generated two session files on the server side and were not associated. (Here the exact principle remains to be confirmed)
So one way is to change the value of Session.use_trans_sid to 1 in the configuration file php.ini.

Of course, we know, not everyone has the right to change the configuration of PHP, then what is the indirect solution?
Here are two examples to illustrate:
File 1 test1.php

<?php
//indicates that the session
session_id (SID) is identified by using a user ID;
Start session
Session_Start ();
Assigns the name of the session to Havi
$_session[' name ']= ' Havi ';
Output session and Set hyperlink to second page test2.php
echo "<a href=" test2.php "rel=" external nofollow ">". $_session[' name '. " </a> ";
? >

File 2:test2.php

<?php
indicates that the session
session_id (SID) is identified by using a user ID;
Start session
Session_Start ();
The session that is passed in the output test1.php.
echo "This is". $_session[' name ';
? >

So, the emphasis is on session_start (); session_id (SID); When the page is converted, the server uses the session in the server session folder, which solves the problem of delivery.
However, a friend will reflect that, as a result, multiple users of the session is written in a SID, that the session value can not be played out. So there's another way to solve this problem without adding session_id (SID), if you have configured permissions on the server's php.ini:
Output_buffering changed to ON, the truth is not the table.
The second possible reason is that the folder where the session is saved to the server does not have Read permission or is returned to the phpinfo.php to view the address saved by the session:

Session.save_path:var/tmp

So just check to see if the Var/tmp folder is writable.
Write a file: test3.php to test:

<?php
Echo var_dump (is_writeable ini_get ("Session.save_path"));
? >

If you return bool (FALSE), the document folder Write permission is limited, then change folders, in the Web page you wrote to add:

Sets the session subfolder to save the path for the session under the current directory.
$sessSavePath = dirname (__file__). ' /session/';
If the new path is readable and writable (you can change the folder property to 777 on FTP), make the path effective.
if (is_writeable ($sessSavePath) && is_readable ($sessSavePath))
{
Session_save_path ($sessSavePath);
}