Strictly control the instance for session timeout in php

In php, the session times out in 30 minutes by default, but sometimes it automatically times out in less than 30 minutes. this is inconvenient for many operations. let's take a look at the solution to the 30-minute timeout.

In php, the session times out in 30 minutes by default, but sometimes it automatically times out in less than 30 minutes. this is inconvenient for many operations. let's take a look at the solution to the 30-minute timeout.

First answer

The most common answer is: Set the Session expiration time, that is, session. gc_maxlifetime. this answer is incorrect because:

1. first, PHP runs the session gc with a certain probability, that is, the session. gc_probability and session. gc_divisor (for details, refer to a small probability Notice of Session Gc for a deep understanding of PHP principles). the default values are 1 and 100, which means there is a 1% chance, PHP will run Session gc when a Session is started. it cannot be guaranteed that it will expire in 30 minutes.

2. what about setting a high probability of cleaning? Why? Because PHP uses the modification time of the stat Session file to determine whether the file has expired. if this probability is increased, the performance will be reduced, PHP uses a "one" file to store Session variables related to a Session. Suppose I set a Session variable a = 1 five minutes ago, five minutes later, another Seesion variable B = 2 is set. the modification time of this Session file is the time when B is added, so a cannot be at 30 minutes, cleared. the third reason is as follows.

3. the default PHP (Linux as an example) is to use/tmp as the default Session storage directory, which is also described in the manual as follows:

Note: If different scripts have different session. gc_maxlifetime values but share session data stored in the same place, the script with the minimum value clears the data. In this case, use this command with session. save_path.

That is to say, if two applications do not specify their own independent save_path, one is set to 2 minutes (assumed as A), and the other is set to 30 minutes (assumed as B ), when Session gc of A is run, Session files of Application B will be deleted at the same time.

Therefore, the first answer is not "completely strict.

Second answer

Another common answer is: Set the carrier of the Session ID, the Cookie expiration time, that is, the session. cookie_lifetime. this is also incorrect because the Cookie expires only because it expires. In other words, the difference between the Cookie and the Session is that the Session expires on the server, cookie expiration is guaranteed by the client (browser). even if you set Cookie expiration, this can only ensure that the Cookie (including Session ID) is not sent when the standard browser expires ), if you construct a request, you can still use the value of this Session ID.

Third answer

The use of memcache, redis, and okey is a correct answer. However, it is clear that the question will be followed up to ask you, what if you just use PHP?

Fourth answer

Of course, the interview is not for you, but for the sake of observing the closeness of thinking. in this process, I will prompt these traps, so in general, the practice that fits the meaning of the question is:

1. set the Cookie expiration time to 30 minutes, and set the Session life time to 30 minutes.

2. add Time stamp for each Session value.

3. determine the timestamp before each access.

A small probability of Session Gc in PHP principles is Notice. If PHP installed with apt is used in ubuntu/Debian, this prompt may be returned when Session is used.

1. PHP Notice: session_start (): ps_files_cleanup_dir:
2. Opendir (/var/lib/php5) failed: Permission denied (13)
3. In/home/laruence/www/htdocs/index. php on line 22 <li>

This is because, in PHP, if file_handler is used as the save handler of the Session, the Gc process of the Session will be run at each session_start.