Posted by Dave on 07/13/05 05:32

Andy Hassall (andy@andyh.co.uk) decided we needed to hear...
> On Mon, 11 Jul 2005 10:05:53 -0400, Dave <dave@REMOVEbundook.com> wrote:
>
> >For sessions to remain active yes you do have to change the
> >session.cookie_lifetime value, and you also should change the
> >session.gc_maxlifetime value to be the same. If you don't then even
> >though the session cookie will remain active for the user, the
> >session data file on the webserver will get deleted in a much
> >shorter period, invalidating the session.
> >
> >Each time you do a session_start(), set the above values using ini_set
> >and you should be good to go...
>
> One thing to remember when modifying session duration settings at runtime is
> that the PHP sessions garbage collector piggy-backs on requests with a
> probability set by a couple of configuration options.
>
> If there are any other pages on the server that don't have the options
> ini_set'ed, then the garbage collector may run from other pages, _with the
> default settings_, so could purge your sessions from the server-side session
> directory if they exceed the default timeout, regardless of what you had in
> force at the time the session started.
>
> For the pages where you change the session settings, you probably also want to
> specify an alternate session.save_path to isolate those session files from the
> rest of the server.

I do actually code all my own ini_sets in an include file which every
page requires, hence I've never really considered the situation you
mention, but its an excellent point so, thanks for the tip.
--
Dave <dave@REMOVEbundook.com>
(Remove REMOVE for email address)

[Back to original message]