PHP ini_set session gc_maxlifetime not working

php session ini-set
andytt picture andytt · Mar 19, 2014 · Viewed 14.1k times · Source

I am trying to set gc_maxlifetime in PHP.

Here is the code in 'header.php', and I include it every page.

ini_set('session.cookie_lifetime', 1);
ini_set('session.gc_maxlifetime', 1);
session_start();

I test it with 

echo ini_get('session.gc_maxlifetime');

and it does set to 1.

But it still keep login status, that is, session has not been deleted.

What is the possible reason?

Answer

hank picture hank · Mar 19, 2014

Why doesn't Garbage Collection run?

GC does not always run on every request, default PHP settings is that it is 1% chance to run GC. session.gc_probability (default 1) / session.gc_divisor (default 100) = 0.01 (1% chance)

Relevant manual entry: http://php.net/manual/en/session.configuration.php#ini.session.gc-probability

My suggestion is to store last time a session was touched and check against that value on every page load and if enough time has passed, session_destroy and redirect user to login page.

Related questions

passing session id via url

I'm trying to get my script to use url session id instead of cookies. The following page is not picking up the variable in the url as the session id. I must be missing something. First page http://www.website.…

Read More
Can't use ini_set because session is active

How can I fix this? Warning: ini_set() [function.ini-set]: A session is active. You cannot change the session module's ini settings at this time in C:\xampp\htdocs******.php on line 3 I already tried using session_destroy(); but I …

Read More
PHP Multi-Domain Sessions; ini_set Not Working?

I'm trying to set it up so if you log in to my website the session carries over to all sub-domains of my website. For example, if you go to domain.com and log in, then go to sub.domain.…

Read More