Php session expiration time setting and recovery mechanism

Source: Internet
Author: User
Tags php session
Welcome to the Linux community forum and interact with 2 million technical staff to enter the php session expiration time setting and recovery mechanism. For details, modify the php session expiration time to modify the php configuration file php. session in ini. gc_maxlifetime. each time php sends a request, it has a 1100 probability (default) to trigger the "session response

Welcome to the Linux community forum and interact with 2 million technical staff> go to php to set the session expiration time and recycle mechanism. For details, modify the session expiration time in php to modify the php configuration file php. session in ini. gc_maxlifetime. each time php sends a request, it has a 1/100 probability (default) to trigger the "session response

Welcome to the Linux community forum and interact with 2 million technicians>

Php session expiration time setting and recovery mechanism:

Modify the session expiration time in php to modify the session. gc_maxlifetime in the php configuration file php. ini.

Each time php sends a request, it has a 1/100 probability (default) to trigger "session reclaim ". if "session Recycle" occurs, the/tmp/sess _ * file will be checked. If the last modification time exceeds 1440 seconds (the value of gc_maxlifetime ), delete it, which means that these sessions expire.

1. How does a session exist on the server (generally Apache with PHP module?

By default, php stores the session in the/tmp directory. The file name is as follows: sess_01aab840166fd1dc253e3b4a3f0b8381. Each file corresponds to a session ).

More/tmp/sess_01aab840166fd1dc253e3b4a3f0b8381

Username | s: 9: "phpzixue.cn"; admin | s: 1: "0 ″;

# Variable name | type: length: Value

Deleting the session file indicates that the corresponding session is invalid.

2. How does a session exist on the client (usually a browser?

On the browser side, you only need to save the session ID (the unique ID generated by the server. there are two storage methods: cookie and url. if the session ID is saved in the cookie, the browser's cookie contains a PHPSESID variable. if the URL is passed, you can see the following:

Index. php? PHPSESID = 01aab840166fd1dc253e3b4a3f0b8381 URL. (The server uses session. use_cookies to control which method to use)

3. on the server side, how does php determine whether the session file has expired?

If the "last modification time" has exceeded "gc_maxlifetime (default value: 1440) seconds, this session file will be considered to have expired. During the next session collection, if this file has not been changed, the session file will be deleted (the session will expire ).

Simply put, if I log on to a website and have not performed any operations within 1440 seconds (default), the corresponding session will be deemed to have expired.

Therefore, modifying the gc_maxlifetime variable in the php. ini file can prolong the session expiration time: (for example, we can change the expiration time to 86400 seconds)

Session. gc_maxlife time = 86400

Restart your web Service (generally apache.

Note: The recycle mechanism is used for session expiration in php5. the time is set to 86400 seconds. If the session has not been modified within 86400 seconds, it will be deleted during the next "recycle" operation.

4. When will the session be recycled?

By default, every php request has a 1/100 probability of recovery, so it may be simply understood as "every 100 php requests are recycled once". this probability is controlled by the following parameters:

# The probability is gc_probability/gc_pisor.

Session. gc_probability = 1

Session. gc_pisor = 100

Note 1: Assume that gc_maxlifetime = 120. If the last modification time of a session file is before 120 seconds, before the next recovery (1/100 probability, this session is still valid.

NOTE 2: If your session uses session. the save_path stores sessions elsewhere. The session recycle mechanism may not automatically process expired session files. in this case, you need to manually (or crontab) delete expired sessions: cd/path/to/sessions; find-cmin + 24 | xargs rm

5. Special Cases

Because the recycle mechanism checks the "last modification time" of the file, if a session is active but the session content has not changed, the corresponding session file has not changed, the recycle mechanism will delete a session that has not been active for a long time. this is something we don't want to see. You can solve this problem by adding the following simple code:

If (! Isset ($ _ SESSION ['last _ access']) | (time ()-$ _ SESSION ['last _ access'])> 60)

$ _ SESSION ['last _ access'] = time ();

?>

The Code attempts to modify the session every 60 seconds.

Conclusion: If you want to modify the session expiration time, you can modify the variable gc_maxlifetime. the session of php5 adopts a passive collection mechanism (garbage collection ). the expired session file will not disappear, but will be processed by triggering "recycle.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.