How to set the session expiration time in PHP

Source: Internet
Author: User
Tags phpinfo tmp folder
This article mainly describes the implementation of PHP in the precise setting of the session expiration time method, the need for friends can refer to the following

Most of the time we use the default setting for the session expiration time, and for some special requirements we can set the session expiration time.

For this, you can set php.ini in PHP, find session.gc_maxlifetime = 1440 # (PHP5 default 24 minutes)
Here you can set the expiration time. But some people say that after the setting, it doesn't seem to work!
It doesn't really work, but because the system defaults:

session.gc_probability = 1session.gc_pisor = 1000

Garbage collection There is a probability that 1/1000 is the session 1000 times before being recycled.
As long as you have a large number of visits, it will be able to achieve the effect of recycling.
Or you can set the value of the Session.gc_pisor,
For example:session.gc_pisor = 1, so you can clearly see the effect of the session expires.

Our most common use is in the PHP program, as shown in the following example program:

<?phpif (!isset ($_session[' last_access ') | | (Time ()-$_session[' last_access ') >60) $_session[' last_access '] = time ();? >

This will be done, if you want to set the expired can also be implemented in the program:

<?phpunset ($_session[' last_access ');//or $_session[' last_access ']= ';? >

The session has an expiration mechanism:

Session.gc_maxlifetime Original session expiration is a small probability event, using session.gc_probability and Session.gc_pisor respectively to determine the probability of GC in the running session The default values for Session.gc_probability and session.gc_pisor are 1 and 100, respectively. The probability of a GC in the session is 1%, respectively, by numerator and denominator. If you modify these two values, you will reduce the efficiency of PHP. So this method is wrong!!
Therefore, modifying the gc_maxlifetime variable in the php.ini file can prolong the session Expiration time: (for example, we change the expiration time to 86,400 seconds)
Session.gc_maxlifetime = 86400
Then, restart your Web service (typically Apache).

When the session "Recycle" occurs:

By default, every PHP request will have a 1/100 probability of recycling, so it might simply be understood as "one recovery per 100 PHP requests". This probability is controlled by the following parameters
#概率是gc_probability/gc_pisor

session.gc_probability = 1session.gc_pisor = 100

Note 1: Assuming this situation is gc_maxlifetime=120, if the last modification time of a session file is 120 seconds ago, the session will still be valid until the next recovery (1/100 probability) occurs.

NOTE 2: If your session uses Session.save_path to save the session,session recycle mechanism, it is possible that the expired session file will not be processed automatically. You will need to periodically delete the expired session manually (or crontab):

Cd/path/to/sessions; Find-cmin +24 | Xargs RM

The session in PHP never expires

Do not modify the program is the best way, because if you modify the program, the test department must be very depressed, then only modify the system environment configuration, is actually very simple, open the php.ini settings file, modify three lines as follows:

1, Session.use_cookies

Set this value to 1 and use a cookie to pass the SessionID

2, Session.cookie_lifetime

This represents sessionid the time that the client cookie is stored, the default is 0, which means that the browser shuts down SessionID. This is why the session of PHP cannot be used permanently! So let's set it to a number we think is big, 999999999 how, yes! That's it.

3, Session.gc_maxlifetime

This is the session data on the server side of the storage time, if more than this time, then the session data will be automatically deleted! Then we also set it to 99999999.

That's all OK, of course, if you don't believe it, just test it--set a session value after a 10-day half-month return to see if your computer is not powered down or down, you can still see this sessionid.

Of course, you may not have control of the server permissions and not as fortunate as I can modify the php.ini settings, all depend on ourselves there is a way, of course, we must use the client to store cookies, the resulting sessionid stored in the client's cookie, Set the value of this cookie and pass this value to the function session_id (), as follows:

<?phpsession_start (); Start SESSION $_session[' count ']; Register Session variable Count isset ($PHPSESSID)? session_id ($PHPSESSID): $PHPSESSID = session_id (); If $phpsessid is set, the SessionID is assigned to $PHPSESSID, otherwise SessionID $_session[' count ']++ is generated; Variable count plus 1 setcookie (' Phpsessid ', $PHPSESSID, Time () +3156000); Store SessionID into the cookie echo $count; Displays the value of the session variable count?>

Session invalidation does not pass

Let's write a PHP file: <?=phpinfo (), and upload it to the server to see the configuration of the server's parameters.
Go to the session section and see that the SESSION.USE_TRANS_SID parameter is set to zero.
This parameter specifies whether transparent SID support is enabled, that is, whether the session is passed along with the URL. My personal understanding is that once this parameter is set to 0, then each URL will start a session. In this way, the page cannot be traced back to the previous page of the session, which is what we say cannot be delivered. Two pages generated two session files on the server side, and no association. (Here the precise principle remains to be confirmed)
So one way is to change the value of Session.use_trans_sid to 1 in the config file php.ini.

Of course, we know that not everyone has the authority to change the configuration of PHP, then what is the indirect solution?
Here are two examples to illustrate:
File 1 test1.php

<?php//indicates that the user ID is used to identify the sessionsession_id (SID);//start Sessionsession_start ();//Assign the name of the SESSION to havi$_session[' Name ']= ' Havi ';//output SESSION and set hyperlink to second page Test2.phpecho "<a href=" test2.php "rel=" external nofollow ">". $_session[' Name ']. " </a> ";? >

File 2:test2.php

<?php indicates that the user ID is used to identify the sessionsession_id (SID);//start Sessionsession_start ();//The session passed in the output test1.php. echo "This is". $_session[' name ';? >

So, the focus is on session_start (), preceded by session_id (SID), so when the page is converted, the server uses the session in the server session folder, which resolves the issue of delivery.
But some friends will reflect that, in this way, multiple users of the session is written in a SID, the value of the session will not play out. So there is a workaround for this problem, without adding session_id (SID), if you have configured permissions on the server's php.ini:
Output_buffering change to ON, the truth is not the table.
The second possible reason is that you do not have read permissions to the folder where the session was saved, or return to phpinfo.php to see the address saved by the session:

Session.save_path:var/tmp

So just check to see if the Var/tmp folder is writable.
Write a file: test3.php to test:

<?phpecho Var_dump (is_writeable (Ini_get ("Session.save_path")); >

If you return bool (false) to prove that the file folder permission is limited, then change folders to add in the page you wrote:

Set the current directory session subfolder to save the path for the session. $sessSavePath = DirName (FILE). ' /session/';//If the new path is readable and writable (it can be implemented by changing the folder property to 777 on FTP), let the path take effect. if (is_writeable ($sessSavePath) && is_readable ($sessSavePath)) {Session_save_path ($sessSavePath);}

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.