NYCPHP Meetup

[nycphp-talk] Session timing out too soon

Anirudhsinh Zala arzala at gmail.com
Thu Dec 4 23:23:22 EST 2008


On Thursday 04 December 2008 20:01:31 Michael Sims wrote:
> On Thursday 04 December 2008, Aaron Fischer wrote:
> > Greetings,
> >
> > I have an application built for internal use that has a user login and
> > then uses sessions to track their state.  I am running into a problem
> > in that their session seems to expire if they are on one page for
> > somewhere between 15-25 minutes.  This creates a big problem because
> > they type up a long report, submit it and then get booted out of the
> > application without the report being saved.
> >
> > I would like to have the user be able to be logged in for a full eight
> > hour day, regardless of their level of activity.
> >
> > How would I do this?  I would appreciate any suggestions.  Also of
> > note, I am in a shared hosting environment.
>
> This one has been asked before.  The default lifetime for sessions is 24
> minutes.  However, in a shared environment, the default lifetime is the
> lowest of any user's choice; so if one user on the shared server has the
> default lifetime set to 1 minute, EVERYONE'S sessions expire after one
> minute (more or less; read up on how session files are randomly deleted).
> Because PHP can't tell the difference between that user's session files and
> your session files, they're all in the same common directory.
>
> So.  What you need to do is specify your own directory for your session
> files (/sharedserver/myroot/mysessionfiles/), and then set the cleanup
> lifetime to whatever you want (session.gc_maxlifetime).
>
> Here's an explanation with some sample code:
>
> http://www.captain.at/howto-php-sessions.php

I have a confusion about solution mentioned in this article, although I can't 
test this properly.

Read following line from that article:

"Now our session files are stored in the new directory and the regular garbage 
collector will not see them, so those files will survive at least that long 
as defined in gc_maxlifetime."

Does it mean that Garbage collector will automatically remove session files 
after new "session.gc_maxlifetime" value?

However according to PHP manual, as defined in php.ini, one has to write own 
garbage collection solution to clean-up such files. Here is relevant section 
from php.ini.

; NOTE: If you are using the subdirectory option for storing session files
;       (see session.save_path above), then garbage collection does *not*
;       happen automatically.  You will need to do your own garbage
;       collection through a shell script, cron entry, or some other method.
;       For example, the following script would is the equivalent of
;       setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
;          cd /path/to/sessions; find -cmin +24 | xargs rm

If author means that session files will last longer till 
new "session.gc_maxlifetime" but after that "it will do reside there" then he 
would mention about above php.ini's NOTE to design own garbage collection 
method.

Thanks,

Anirudh Zala

>
> Michael Sims





More information about the talk mailing list