How does Session’s duration work?

Asked

Viewed 4,278 times

6

Guys I have a php file with the following code:

// Define o limitador de cache
session_cache_limiter('must-revalidate');
$cache_limiter = session_cache_limiter(); 

// Define tempo da sessão
session_cache_expire(300); 
$cache_expire = session_cache_expire();

// Inicia a sessão
session_start();

With it I create a session lasting 5 hours. What I want to know is every time I upload the file it updates the session expiration time or it kills it?

  • I have now seen the detail of the update issue. If it were with session_set_cookie_params i could say that after the session startup, the defined value will be evaluated within the stipulated period, and would not be "renewed" when the user updates the browser.

  • The manual does not say anything about it, but I believe that because it is a function, the value is overwritten every time.

  • @Wallacemaxters my question continues, if I load the page the session gains 30 more minutes?

  • I had made an answer, but I gave up. I don’t know much about these HTTP subjects to explain in depth. But the function you are using will only change the lifespan of the server cache, you have to tinker with the Cookie as well. With my knowledge, if you touch the cookie, through session_cookie_params the time is only counted from the creation of the session. Refresh does not affect the count.

  • In fact the time keeps up. It is relative to Session, regardless of F5.

Show 1 more comment

1 answer

9


The session in PHP consists of a cookie with an identifier, and a server-side cleaning system.

Client side

The time of cookie of the current session from the beginning this, and even if the person continues to access the site, the session will expire at the time stipulated in the preferences, without being automatically renewed.

If you want to extend the session so that the time runs from the last access, and not from the first, you need to renew the cookie session periodically (or each access).

It has several ways, this is of the own PHP manual:

<?php
  $lifetime=600;
  session_start();
  setcookie(session_name(),session_id(),time()+$lifetime);
?>

Another one, taken out of this website is also a good example:

Setcookie(
    ini_get("session.name"),
    session_id(),
    time()+ini_get("session.cookie_lifetime"),
    ini_get("session.cookie_path"),
    ini_get("session.cookie_domain"),
    ini_get("session.cookie_secure"),
    ini_get("session.cookie_httponly")
);


Server side

Do not forget that anyway, this value of the php.ini It needs to be longer than session time. If you have a 2 hour session, use for example 7800 ( 2h * 60m * 60s = 7200, plus 600 to give 10 minutes of "time off"):

In the php.ini:

session.gc_maxlifetime = 7800

You can even use ini_set, But if you have any other page using cookie, with a shorter time of gc, nothing will help, because it will count the shorter time. If you don’t have access to php.ini should set the gc_maxlifetime and the session_save_path

  • Important to note is to put this on all pages that use session_start, better until already put in a include.

  • I understand, but if I keep renewing the cookie the server will not delete the files?

  • the cookie engine is in the browser, Session start takes care of the server side.

  • the '$Lifetime=600' is in minutes?

  • Seconds. In the example above is the current time + 600 seconds. Note that I am on the issue of the cookie renewing the session, but the details are good to see in the setcookie documentation to better understand and adapt to your case. And don’t forget to hit the PHP ini for the duration of the session to be equal to or greater than the value of the cookie.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.