Parsing the session expiration setting for PHP

Many people on the Web have answered: Modify the session.gc_maxlifetime in the PHP configuration file. If you want to learn more about the session recycling mechanism, read on. (This article Environment php5.2)

Overview: each time a PHP request, a 1/100 probability (the default) triggers a "session recycle". If "Session recycling" occurs, the/tmp/sess_* file is checked, and if the last modification time is now more than 1440 seconds (the Gc_maxlifetime value), it is deleted, meaning that these sessions expire.

1. How does session exist on the server side (typically Apache with PHP module)?
By default, PHP saves the session in the/tmp directory, and the file name looks like this: sess_01aab840166fd1dc253e3b4a3f0b8381. Each file corresponds to a session.
more/tmp/sess_01aab840166fd1dc253e3b4a3f0b8381
Username|s:9: "Jiangfeng"; admin|s:1: "0″;
#变量名 | Type: Length: Value
Delete the session file here, it means that the corresponding session is invalid.

2. How does the session exist on the client side (typically the browser)?
session is on the browser side, you can simply save the session ID (the unique ID generated by the server side). There are two ways to save: In a cookie, in a URL. If you save the session ID in a cookie, you can see that there is a PHPSESID variable in the browser's cookie. If the URL is passed, you can see the shape:
Index.php? The URL of the phpsesid=01aab840166fd1dc253e3b4a3f0b8381. (using Session.use_cookies to control which way to use on the server side)

3. On the server side, how does PHP determine if the session file expires?
If the "last modified" to "now" exceeds Gc_maxlifetime (default is 1440) seconds, the session file is considered expired, and at the next session collection, If the file is still not changed, the session file will be deleted (sessions expire).
Simply put, if I log on to a Web site, if I do not operate within 1440 seconds (the default), then the corresponding session is considered expired.
Therefore, modifying the gc_maxlifetime variable in the php.ini file can prolong the expiration of the session: (for example, we modify the expiration time to 86,400 seconds)
Session.gc_maxlifetime = 86400
Then restart your Web service (typically Apache).
Note: php5 The session expired using the recycle mechanism. This setting has a time of 86,400 seconds, and if the session has not been modified in 86,400 seconds, then the next "recycle" is really deleted.

3. When does the session "recycle" occur?
By default, each time a PHP request has a 1/100 probability of being recycled, it may be simply understood as "one recycle per 100 PHP requests." This probability is controlled by the following parameters
#概率是gc_probability/gc_divisor
session.gc_probability = 1
session.gc_divisor =%
Note 1: Assuming this gc_maxlifetime=120, if a session file is last modified 120 seconds ago, before the next collection (the probability of 1/100), This session is still valid.
Note 2: If your session uses Session.save_path in other places to save session,session the recycle mechanism may not automatically process expiration Session file. At this time need to manually (or crontab) to delete expired session:cd/path/to/sessions; Find-cmin +24 | Xargs RM

4. Some special cases
because the recycle mechanism checks the file's "Last Modified time", so if a session is active, the contents of the sessions do not change. Then the corresponding session file has not changed, the recycling mechanism will think that this is a long time no active sessions and delete it. This is something we don't want to see, and we can solve this problem by adding the following simple code:
<?php if (!isset $_session[' last_access ') | | (Time ()-$_session[' last_access ']) >60) $_session[' last_access '] = ();
Code tries to modify the session every 60 seconds.
Summary: If you want to modify the session expiration time, modify the variable gc_maxlifetime. The PHP5 session uses a passive recovery mechanism (garbage collection). Expired session files do not disappear on their own, but instead handle expired sessions by triggering a "recycle".