Can someone please tell me how long my session will last from the data below? – I’m not sure which one tells me
session.auto_start Off Off session.bug_compat_42 Off Off session.bug_compat_warn On On session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_httponly Off Off session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_file no value no value session.entropy_length 0 0 session.gc_divisor 1000 1000 session.gc_maxlifetime 1440 1440 session.gc_probability 1 1 session.hash_bits_per_character 5 5 session.hash_function 0 0 session.name PHPSESSID PHPSESSID session.referer_check no value no value session.save_handler files files session.save_path /var/lib/php/session /var/lib/php/session session.serialize_handler php php session.use_cookies On On session.use_only_cookies Off Off session.use_trans_sid 0 0
In general you can say session.gc_maxlifetime specifies the maximum lifetime since the last change of your session data (not the last time
session_start was called!). But PHP’s session handling is a little bit more complicated.
Because the session data is removed by a garbage collector that is only called by
session_start with a probability of session.gc_probability devided by session.gc_divisor. The default values are 1 and 100, so the garbage collector is only started in only 1% of all
session_start calls. That means even if the the session is already timed out in theory (the session data had been changed more than session.gc_maxlifetime seconds ago), the session data can be used longer than that.
Because of that fact I recommend you to implement your own session timeout mechanism. See my answer to How do I expire a PHP session after 30 minutes? for more details.
This is the one. The session will last for 1440 seconds (24 minutes).
session.gc_maxlifetime 1440 1440
EDIT: Others have mentioned the
session.gc_maxlifetime setting. When session garbage collection occurs, the garbage collector will delete any session data that has not been accessed in longer than
session.gc_maxlifetime seconds. To set the time-to-live for the session cookie, call
session_set_cookie_params() or define the
session.cookie_lifetime PHP setting. If this setting is greater than
session.gc_maxlifetime, you should increase
session.gc_maxlifetime to a value greater than or equal to the cookie lifetime to ensure that your sessions won’t expire.
You’re searching for gc_maxlifetime, see http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime for a description.
Your session will last 1440 seconds which is 24 minutes (default).