Php to precisely set the session expiration time

This article describes how to precisely set the session expiration time in php. For more information, see

This article describes how to precisely set the session expiration time in php. For more information, see

In most cases, we use the default set time for the session expiration time. For some special requirements, we can set the session expiration time.

In PHP, set php. ini and find session. gc_maxlifetime = 1440 #(PHP5 is 24 minutes by default)
You can set the expiration time as needed, but some people say that it does not work after the setting!
In fact, it is not ineffective, but because the system default:

Session. gc_probability = 1session. gc_pisor = 1000

The garbage collection has a probability that 1/1000 means that the session is recycled only once for 1000 times.
As long as your traffic volume is high, the recovery effect can be achieved.
Or you can set the value of session. gc_pisor,
For example: session. gc_pisor = 1, so that you can see the effect of SESSION expiration.

The most common setting is in the php program, as shown in the following example:

<? Phpif (! Isset ($ _ SESSION ['last _ access']) | (time ()-$ _ SESSION ['last _ access'])> 60) $ _ SESSION ['last _ access'] = time ();?>

In this way, if you want to set an expiration date, you can also implement it in the program:

<? Phpunset ($ _ SESSION ['last _ access']); // or $ _ SESSION ['last _ access'] = '';?>

The session has an expiration mechanism:

Session. gc_maxlifetime the original session expiration is a small probability event, respectively using session. gc_probability and session. gc_pisor is used to determine the probability of gc sessions in the running session. gc_probability and session. the default values of gc_pisor are 1 and 100, respectively. The probability of gc running in the session is 1% for the numerator and denominator respectively. If you modify these two values, the efficiency of php is reduced. So this method is not correct !!
Therefore, modifying the gc_maxlifetime variable in the php. ini file can prolong the session expiration time: (for example, we can change the expiration time to 86400 seconds)
Session. gc_maxlife time = 86400
Then, restart your web Service (generally apache.

When the session "recycle" occurs:

By default, every php request will have a 1/100 probability of recovery, so it may be simply understood as "every 100 php requests will be recycled once ". This probability is controlled by the following parameters:
# The probability is gc_probability/gc_pisor.

Session. gc_probability = 1session. gc_pisor = 100

Note 1: Assume that gc_maxlifetime = 120. If the last modification time of a session file is before 120 seconds, before the next recovery (1/100 probability, this session is still valid.

NOTE 2: If your session is saved elsewhere in session. save_path, the session recycle mechanism may not automatically process expired session files. In this case, you need to manually (or crontab) delete expired sessions:

Cd/path/to/sessions; find-cmin + 24 | xargs rm

PHP session never expires

It is the best way not to modify the program, because if you modify the program, the test department must be very depressed, then you can only modify the system environment configuration, in fact, it is very simple, open php. ini settings file. Modify the following three lines:

1. session. use_cookies

Set this value to 1 and use cookie to pass sessionid

2. session. cookie_lifetime

This indicates the time when SessionID is stored in the client Cookie. The default value is 0, indicating that the session ID will be voided once the browser closes it ...... This is why PHP sessions cannot be used permanently! So let's set it to a number that we think is big. How about 999999999? Yes! That's it.

3. session. gc_maxlifetime

This is the time when Session data is stored on the server. If this time is exceeded, Session data will be automatically deleted! Then we set it to 99999999.

So everything is okay. If you don't believe it, test it. Set a session value for 10 days and half a month, if your computer is not powered off or goes down, you can still see this sessionid.

Of course, you may not be able to modify php just as lucky as you do not have permission to control the server. ini settings, everything depends on ourselves. Of course, we must use the client to store cookies, store the sessionID to the client's cookie, and set the cookie value, then pass the value to the session_id () function. The procedure is as follows:

<? Phpsession_start (); // start the Session $ _ SESSION ['Count']; // register the Session variable count isset ($ PHPSESSID )? Session_id ($ PHPSESSID): $ PHPSESSID = session_id (); // If $ PHPSESSID is set, the SessionID is assigned to $ PHPSESSID, otherwise, generate SessionID $ _ SESSION ['Count'] ++; // variable count plus 1 setcookie ('phpsessid ', $ PHPSESSID, time () + 3156000 ); // store the SessionID to the Cookie echo $ count; // display the Session variable count value?>

Session failure does not pass

First, write a PHP file: <? = Phpinfo ()?>, Upload it to the server to check the server parameter configuration.
Go to the session section and check that the session. use_trans_sid parameter is set to zero.
This parameter specifies whether transparent SID support is enabled, that is, whether the session is transmitted along with the URL. In my personal understanding, once this parameter is set to 0, each URL will start a session. In this way, the session of the previous page cannot be tracked, that is, the session of the previous page cannot be passed. The two pages generate two session files on the server without association. (The exact principle is to be confirmed here)
Therefore, in the configuration file php. ini, change the value of session. use_trans_sid to 1.

Of course, we know that not everyone has the permission to modify the php configuration. So what indirect solutions are there?
The following describes two instances:
File 1 test1.php

<? Php // indicates the sessionsession_id (SID) identified by the user ID; // start sessionsession_start (); // assign the session name to Havi $ _ SESSION ['name'] = "Havi"; // output the session and set the hyperlink to test2.phpecho "" on the second page "". $ _ SESSION ['name']. "";?>

File 2: test2.php

<? Php indicates the sessionsession_id (SID) identified by the user ID; // start sessionsession_start (); // output the session passed in test1.php. Echo "This is". $ _ SESSION ['name'];?>

Therefore, the focus is to add session_id (SID); before session_start ();. In this way, the server uses the session saved in the session folder of the server during page conversion, solved the transfer problem.
However, some may say that, as a result, the session value of multiple users is written in one SID, and the value of the Session cannot be realized. To solve this problem, you do not need to add session_id (SID). The premise is that you have the permission to configure php. ini on the server:
If you change output_buffering to ON, the table will not be displayed.
The second possible cause is that you do not have the read permission on the folder where the session is saved on the server, or go back to phpinfo. php to view the address saved by the session:

Session. save_path: var/tmp

Check whether the var/tmp folder is writable.
Write a file: test3.php to test it:

<? Phpecho var_dump (is_writeable (ini_get ("session. save_path");?>

If bool (false) is returned to prove that the folder write permission is restricted, change the folder and add the following to Your webpage: