Questions about session expiration

A simple login program is used for session expiration. after successful login, the data is saved to the session. I set the session in the configuration file. gc_maxlifetime & nbsp; 60. restart the server. after a few minutes, the session on the page has not expired and the session file has not been deleted. gc_divisor & nb about session expiration
A simple login program was created with session. after successful login, the data was saved to the session. I set the session in the configuration file. gc_maxlifetime = 60. restart the server. but a few minutes later, the session on the page has not expired and the session file has not been deleted. gc_pisor, session. gc_probability is set to 1000. after the server is restarted, the session on the page still does not expire, and the session file is still there. Why does this happen? Are these configurations useless?
There are three files in total. the following code is used:
Login. php:
Session_start ();
If (! Empty ($ _ SESSION ['username'])
{
Header ("location: index. php ");
}
If ($ _ SERVER ['request _ method'] = 'post ')
{
$ UserInfo = loadUserInfo ();
If ($ _ POST ['username'] = 'James '& $ _ POST ['password'] = '000000 '){
$ _ SESSION ['username'] =_ _ POST ['username'];
Header ('Location: index. php ');
} Else {
Echo 'username or password error! ';
}
}

?>

User login





Index. php:
Session_start ();
If (empty ($ _ SESSION ['username'])
{
Header ("location: login. php ");
}
?>

User center

Hello,

Logout



Logout. php:
Session_start ();
If (isset ($ _ SESSION ['username']) {
Setcookie (session_name (), "", 0 );
$ _ SESSION = array ();
Session_destroy ();
Header ('Location: login. php ');
}
?>
------ Solution --------------------
The session becomes invalid when it leaves the website.
Although the expired session temporary file may have the probability that session. gc_probability/session. gc_pisor will be deleted temporarily by the gc process.
However, if the session temporary files are not saved in the temporary directory of the operating system, the gc process will not work for them.
This can be confirmed by tracking the gc method of the custom session handler.

Although the session cannot be deleted as you wish, the sessionid will not be reused. Because sessionid is generated based on time, since you cannot return to a passing moment, sessionid will not be repeated.
Of course, you can also specify a known sessionid.

As long as the browser is not closed and the temporary session file is not deleted, the session is valid no matter how long it takes.
On the contrary, if the pause operation exceeds session. gc_maxlifetime and the temporary session file is deleted again, you have to log on again.

When your system depends on the session, you should customize the session processing and explicitly call the gc method in the open or read method.
To avoid the impact of environmental uncertainties
------ Solution --------------------
Give me some!
------ Solution --------------------
I don't know how to help. after all, I am a PHP hacker and I am still learning.