This is the default PHP behavior, see here.
There are two different things that should be noticed in the sessions, being him:
session.cookie_lifetime
defines the time when the cookie session will be deleted in seconds. The expiration time of the cookie is defined when it is created, in the session_start()
, and is not updated! If the value is 0
the cookie will be available until the browser is closed, which is the default.
session.gc_maxlifetime
sets the time that the session file will be understood as "trash" and potentially will be deleted, it takes into consideration the date of the last session file update.
/!\ This is not recommended!
If you want the archives of the sessions to be "permanent", as well as the cookies, you can simply use:
session.cookie_lifetime = 31536000
session.gc_maxlifetime = 31536000
This will make sessions at best available for 1 year.
Now let’s go to trouble.
The session is divided into two steps, a cookie in the browser and a file on the server.
Defining a gc_maxlifetime
high will make the server have several useless files, literally. The uselessness can occur for several factors, the most common is because the user has deleted the cookies or simply never again accessed the website.
Define a cookie_lifetime
tall no problem, in my view, the only problem is that it becomes easy to steal the session (the value of the cookie) because it will only expire next year.
"Solution":
Define a cookie_lifetime
a week, for example. This will cause the cookie to die after a week of creation. In addition it is necessary that the session contents (the files) are also present, so change the gc_maxlifetime
for also a week.
Also, when the user connects create a new cookie, with the same session, this way will "renew" the one week deadline to expire the cookie, ie if the user accesses 6 days later instead of remaining 1 day will remain new 7 days.
Another solution is to save everything in cookie and set a high expiration time, so no session will be used, no server file will be read, everything will be read on the client side for itself, but this varies from case to case.
Rephrase, show the code, Tell me what this component is, etc. You can’t guess what’s going on. The developer, aware of the code, did not succeed, imagine if someone here will succeed. Anyone who answers your question the way it is will just be kicking, and kicking doesn’t help solve anything ;)
– ShutUpMagda