How Does PHP\'s Session Garbage Collector Affect Session Lifespan?

Session Lifespan Determination

Question:

How can you determine the duration of a session based on the following PHP configuration settings?

session.auto_start  Off Off
session.bug_compat_42   Off Off
session.bug_compat_warn On  On
session.cache_expire    180 180
session.cache_limiter   nocache nocache
session.cookie_domain   no value    no value
session.cookie_httponly Off Off
session.cookie_lifetime 0   0
session.cookie_path /   /
session.cookie_secure   Off Off
session.entropy_file    no value    no value
session.entropy_length  0   0
session.gc_divisor  1000    1000
session.gc_maxlifetime  1440    1440
session.gc_probability  1   1
session.hash_bits_per_character 5   5
session.hash_function   0   0
session.name    PHPSESSID   PHPSESSID
session.referer_check   no value    no value
session.save_handler    files   files
session.save_path   /var/lib/php/session    /var/lib/php/session
session.serialize_handler   php php
session.use_cookies On  On
session.use_only_cookies    Off Off
session.use_trans_sid   0   0

Answer:

While the session.gc_maxlifetime setting specifies the maximum lifetime of session data since its last change, PHP's session handling has some complexities.

Specifically, the garbage collector that removes expired session data is not called by every session_start call. Instead, it is invoked with a probability determined by session.gc_probability (default: 1) and session.gc_divisor (default: 100). This means that even if session data has expired theoretically, it may still be used for a longer period.

To mitigate this issue and ensure reliable session timeouts, it is recommended to implement a custom session timeout mechanism.

The above is the detailed content of How Does PHP\'s Session Garbage Collector Affect Session Lifespan?. For more information, please follow other related articles on the PHP Chinese website!