In php, the session expiration time setting has been answered by many people online: modify the session. gc_maxlifetime in the php configuration file. If you want to learn more about the session collection mechanism, continue to read. (Php5.2 in this article) Overview: each php request has a 1100 probability (default) to trigger "session reclaim ". If "session recycle" occurs, the system checks the session expiration time settings in the file tmpsess _ * in php.
Many people on the Internet have provided answers: modify session. gc_maxlifetime in the php configuration file. If you want to learn more about the session collection mechanism, continue to read. (Php5.2 in this article)
Summary: each php request has a 1/100 probability (default) to trigger "session reclaim ". If "session recycle" occurs, the/tmp/sess _ * file will be checked. if the last modification time exceeds 1440 seconds (the value of gc_maxlifetime ), delete it, which means that these sessions expire.
1. how does a session exist on the server (generally Apache with PHP module?
By default, php stores the session in the/tmp Directory. the file name is as follows: sess_01aab840166fd1dc253e3b4a3f0b8381. Each file corresponds to a session ).
More/tmp/sess_01aab840166fd1dc253e3b4a3f0b8381
Username | s: 9: "jiangfeng"; admin | s: 1: "0 blocks 〃;
# Variable name | type: Length: value
Deleting the session file indicates that the corresponding session is invalid.
2. how does a session exist on the client (usually a browser?
On the browser side, you only need to save the session ID (the unique ID generated by the server. There are two storage methods: cookie and url. If the session ID is saved in the cookie, you can see that there is a PHPSESID variable in the browser's cookie. If the URL is passed, you can see the following:
Index. php? PHPSESID = 01aab840166fd1dc253e3b4a3f0b8381 URL. (The server uses session. use_cookies to control which method to use)
3. on the server side, how does php determine whether the session file has expired?
If the "last modification time" has exceeded "gc_maxlifetime (default value: 1440) seconds, this session file is considered to have expired. during the next session collection, if this file has not been changed, the session file will be deleted (The session will expire ).
Simply put, if I log on to a website and have not performed any operations within 1440 seconds (default), the corresponding session will be deemed to have expired.
Therefore, modifying the gc_maxlifetime variable in the php. ini file can prolong the session expiration Time: (for example, we can change the Expiration Time to 86400 seconds)
Session. gc_maxlife time = 86400
Then, restart your web service (generally apache.
Note: The recycle mechanism is used for session expiration in php5. The time is set to 86400 seconds. if the session has not been modified within 86400 seconds, it will be deleted during the next "recycle" operation.
3. When will session "recycle" occur?
By default, every php request will have a 1/100 probability of recovery, so it may be simply understood as "every 100 php requests will be recycled once ". This probability is controlled by the following parameters:
# The probability is gc_probability/gc_pisor.
Session. gc_probability = 1
Session. gc_pisor = 100
Note 1: assume that gc_maxlifetime = 120. if the last modification time of a session file is before 120 seconds, before the next recovery (1/100 probability, this session is still valid.
Note 2: If your session is saved elsewhere in session. save_path, the session recycle mechanism may not automatically process expired session files. In this case, you need to manually (or crontab) delete expired sessions: cd/path/to/sessions; find-cmin + 24 | xargs rm
4. Special cases
Because the recycle mechanism checks the "last modification time" of the file, if a session is active but the session content has not changed, the corresponding session file has not changed, the recycle mechanism will delete a session that is not active for a long time. This is something we don't want to see. you can solve this problem by adding the following simple code:
If (! Isset ($ _ SESSION ['last _ access']) | (time ()-$ _ SESSION ['last _ access'])> 60)
$ _ SESSION ['last _ access'] = time ();
?> The code attempts to modify the session every 60 seconds.
Conclusion: If you want to modify the session expiration time, you can modify the variable gc_maxlifetime. The session of php5 adopts a passive collection mechanism (garbage collection ). The expired session file will not disappear, but will be processed by triggering "recycle.
