PHP session expiration mechanism and configuration

Problem: The use of PHP session will encounter clearly exceeded the session expiration time, but the session is still intact alive, so that the head big.

Actually take a closer look at php.ini about the PHP session recovery mechanism is at a glance.

Session recovery mechanism:

PHP uses garbage Collection process to reclaim the expired session, but not every time the session is established, it can evoke the 'garbage Collection' process, The GC is started with a certain probability. This is mainly out of the server performance considerations, each session triggered GC, browsing volume, the server is too much, but in accordance with a certain probability to open the GC, when the flow of large, the session expiration mechanism can run normally, and the efficiency of the server is saved. The details should be accumulated over years of experience.

three parameters related to the expiration of a PHP session (In php.ini):

session.gc_probability = 1
Session.gc_divisor = 1000
Session.gc_maxlifetime = 1440

GC start probability = Gc_probability/gc_divisor = 0.1%

Session Expiration Time Gc_maxlifetime, units: seconds

Suggestions:

Test yourself, of course, the session expires the probability of setting the larger the better, the expiration effect is obvious.

When the Web service is formally provided, the session expiration probability needs to consider the session expiration probability according to the Web service's browsing volume and the server's performance. It is obviously unwise to turn on GC for each session.

Workaround:

Manually in the code to set the last access time for the session, and each access to determine whether the access interval exceeds the time limit, more than the manual destruction session, not exceeding the last access time update. This method can also limit the two access intervals.

profile excerpt (from PHP.ini), the original flavor of the English juice

; Defines the probability, the ' garbage collection ' process is started
; On every session initialization. The probability is calculated by using
; Gc_probability/gc_divisor. Where Session.gc_probability is the numerator
; And Gc_divisor are the denominator in the equation. Setting this value to 1
; When the Session.gc_divisor value was give you approximately a 1% chance
; The GC would run on any give request.
; Default value:1
; Development Value:1
; Production value:1
; Http://php.net/session.gc-probability
session.gc_probability = 1

; Defines the probability, the ' garbage collection ' process is started on every
; Session initialization. The probability is calculated by using the following equation:
; Gc_probability/gc_divisor. Where Session.gc_probability is the numerator and
; Session.gc_divisor is the denominator in the equation. Setting this value to 1
; When the Session.gc_divisor value was give you approximately a 1% chance
; The GC would run on any give request. Increasing this value to the give you
; A 0.1% chance the GC would run on any give request. For high volume production servers,
; This was a more efficient approach.
; Default value:100
; Development value:1000
; Production value:1000
; Http://php.net/session.gc-divisor
Session.gc_divisor = 1000

; After this number of seconds, stored data would be seen as ' garbage ' and
; Cleaned up by the garbage collection process.
; Http://php.net/session.gc-maxlifetime
Session.gc_maxlifetime = 1440

Read more: PHP garbage collection mechanism to prevent memory overflow

PHP session expiration mechanism and configuration