How to modify the session survival time in php

First of all, let’s manually set the lifetime of the session, as follows:

＜?php
session_start(); 
// 保存一天 
$lifeTime = 24 * 3600; 
setcookie(session_name(), session_id(), time() + $lifeTime, "/"); 
?＞

In fact, Session also provides a function session_set_cookie_params(); to set the lifetime of the Session. , this function must be called before the session_start() function is called:

＜?php 
// 保存一天 
$lifeTime = 24 * 3600; 
session_set_cookie_params($lifeTime); 
session_start();
$_SESSION["admin"] = true; 
?＞

If the client uses IE 6.0, there will be some problems with the session_set_cookie_params(); function setting Cookie, so we still call the setcookie function manually to create it cookies.

Session expiration time setting in php

Many people on the Internet have given the answer: modify session.gc_maxlifetime in the php configuration file. If you want to know more about the session recycling mechanism, continue reading. (This article's environment is php5.2)

Overview: Every PHP request has a 1/100 probability (default value) of triggering "session recycling". If "session recycling" occurs, the /tmp/sess_* files will be checked. If the last modification time exceeds 1440 seconds (the value of gc_maxlifetime), they will be deleted, which means that these sessions have expired.

1. How does session exist on the server side (usually Apache with PHP module)?

By default, PHP will save the session in the /tmp directory, and the file name will be like this: sess_01aab840166fd1dc253e3b4a3f0b8381. Each file corresponds to a session.

more /tmp/sess_01aab840166fd1dc253e3b4a3f0b8381
username|s:9:”jiangfeng”;admin|s:1:”0″;
#变量名|类型:长度:值

Deleting the session file here means that the corresponding session is invalid.

(Learning video sharing: php video tutorial)

2. How does session exist on the client side (usually a browser)?

session On the browser side, you only need to save the session ID (the unique ID generated by the server side). There are two ways to save it: in cookies and in URLs. If the session ID is saved in the cookie, you can see that there is a PHPSESID variable in the browser's cookie. If it is passed by URL, you can see the URL in the form:
index.php?PHPSESID=01aab840166fd1dc253e3b4a3f0b8381. (On the server side, use session.use_cookies to control which method is used)

3. On the server side, how does PHP determine whether the session file has expired?

If the "last modification time" to "now" exceeds gc_maxlifetime (default is 1440) seconds, the session file is considered expired. When the next session is recycled, if the file has not been If changed, the session file will be deleted (the session will expire).

Simply put, if I log in to a website and there is no operation within 1440 seconds (default value), then the corresponding session is considered to have expired.

So, modify the gc_maxlifetime variable in the php.ini file to extend the expiration time of the session: (for example, we modify the expiration time to 86400 seconds)

session.gc_maxlifetime = 86400

Then, restart your A web service (usually apache) will do.

Note: PHP5 uses a recycling mechanism when session expires. The time set here is 86400 seconds. If the session has not been modified within 86400 seconds, it will not be deleted until the next "recycling".

3. When does session "recycling" occur?

By default, for every PHP request, there will be a 1/100 probability of recycling, so it may be simply understood as "one recycling occurs for every 100 PHP requests." This probability is controlled by the following parameters

#概率是gc_probability/gc_divisor
session.gc_probability = 1
session.gc_divisor = 100

Note 1: Assume that in this case gc_maxlifetime=120, if a session file was last modified 120 seconds ago, then it will be recycled in the next time (1/100 probability) Before this occurs, the session is still valid.

Note 2: If your session uses session.save_path to save the session elsewhere, the session recycling mechanism may not automatically process expired session files. At this time, you need to delete expired sessions manually (or crontab) regularly: cd /path/to/sessions; find -cmin 24 | xargs rm

4. Some special circumstances

because of the recycling mechanism The "last modification time" of the file will be checked, so if a session is active, but the content of the session has not changed, then the corresponding session file has not changed, and the recycling mechanism will consider this to be a session that has not been active for a long time. session and delete it. This is something we don't want to see. We can solve this problem by adding the following simple code:

<?php
if(!isset($_SESSION[&#39;last_access&#39;])||(time()-$_SESSION[&#39;last_access&#39;])>60)
 $_SESSION[&#39;last_access&#39;] = time();
?>

The code will try to modify the session every 60 seconds.

Summary: If you want to modify the session expiration time, just modify the variable gc_maxlifetime. PHP5's session uses a passive recycling mechanism (garbage collection). Expired session files will not disappear by themselves, but expired sessions will be processed by triggering "recycling".

Related recommendations: php introductory tutorial

The above is the detailed content of How to modify the session survival time in php. For more information, please follow other related articles on the PHP Chinese website!