[imp] Sessions and php.ini

Eric Rostetter eric.rostetter at physics.utexas.edu
Wed Feb 12 10:18:03 PST 2003


Quoting Nigel Cass <N.Cass at Hull.ac.uk>:

> One such user swears that she is never away from her webmail session for
> longer than an hour (looking thru the logs kind of backs this up - but not
> quite....) but that she gets problems with session expiration.

Need more info, like php version, does she have cookies disabled in the
browser, etc?
 
> My php.ini settings that I consider relevant are.
> 
> session.cookie_lifetime = 0
> session.gc_probability = 1
> session.gc_maxlifetime = 12600

Session cookie settings would be nice also, and what session storage you use.
Will assume file based storage on unix.

> My question for the php experts

I'm no expert, but I'll chime in anyway with my opinion.

> is this (and I have looked thoroughly at the
> php site and a couple of books and it's not clear) does
> session.gc_maxlifetime have any concept of idle time

It works off of atime of the session file if using files (so make sure
the disk you save session files to updates atime).  So yes, it has 
some limited concept of idle time, but it is limited.

> or does it simply say
> after this much time you can junk it whether idle or not ?

It says if it is older than the timeout via the session file's atime, then
it can be trashed.  This doesn't mean that the user was idle, but that the
session file wasn't accessed for some period of time.

> - A lot of posts
> to the mailing list suggest that it's idle time that matters.

If the user is idle, it should get trashed.  If the user is working on
something which doesn't update the session file, then it will get trashed
(e.g. if they are composing a mail message and have no refresh set for the
current page).  So, it is if the (atime) of the session file is idle,
which often but not always corresponds to if the user is idle.

> However
> reading the actual description of the setting doesn't suggest that is
> necessarily the case. If not what is the setting for idle time ?

There is no setting for idle time.  It is purely based on session file
access.  If the session file is being accessed, it should remain intact.
If it isn't, it should be getting trashed.  Most operations will cause
a session file access, but not all operations do.

> TYIA
> 
> Nigel.

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Why get even? Get odd!


More information about the imp mailing list