php.ini sets the default session.gc_maxlifetime value to 1440. How should I understand this value.
When I visit a website that requires login, usually the login will not fail as long as I have been operating it. If there is no operation for a period of time, I need to log in again. I read some information on the Internet and learned about the session storage method and recycling mechanism, but there is still a problem that I don't understand clearly.
Let’s not consider the problems that this recycling mechanism may cause, nor the cookies (assuming that cookies are always valid).
Assuming that session.gc_maxlifetime is set to the default value of 1440, I operated the session when I logged in for the first time, saved the user information, and did not change the session after that.
Is it true that no matter how many requests I make in the future, the modification time of this session will still be the time I logged in?
Is the session invalid after more than 1440 seconds, regardless of whether I operate on this website?
Or is it that if I have been operating on this website, the modification time of the session will be updated, which means that the session will be deleted only if it is not active on this website for more than 1440 seconds?
Or is the session not deleted based on the modification time? It will only be deleted after it has been inactive for a certain period of time?
I hope to get a more detailed answer, thank you!
php.ini sets the default session.gc_maxlifetime value to 1440. How should I understand this value.
When I visit a website that requires login, usually the login will not fail as long as I have been operating it. If there is no operation for a period of time, I need to log in again. I read some information on the Internet and learned about the session storage method and recycling mechanism, but there is still a problem that I don't understand clearly.
Let’s not consider the problems that this recycling mechanism may cause, nor the cookies (assuming that cookies are always valid).
Assuming that session.gc_maxlifetime is set to the default value of 1440, I operated the session when I logged in for the first time, saved the user information, and did not change the session after that.
Is it true that no matter how many requests I make in the future, the modification time of this session will still be the time I logged in?
Is the session invalid after more than 1440 seconds, regardless of whether I operate on this website?
Or is it that if I have been operating on this website, the modification time of the session will be updated, which means that the session will be deleted only if it is not active on this website for more than 1440 seconds?
Or is the session not deleted based on the modification time? It will only be deleted after it has been inactive for a certain period of time?
I hope to get a more detailed answer, thank you!
SESSION is recycled every time you visit the page:
Probability of recycling = session.gc_probability/session.gc_divisor, the default is 1/1000. If set to 1, it will be accessed every time it exceeds the SESSION lifetime (session.gc_maxlifetime, the default is 1440 seconds, which is 24 minutes) , SESSION will definitely be recycled. Every time the client accesses a variable in SESSION, the access time of the SESSION file will be updated. Each access requests the unique SESSION stored in the server based on the PHPSESSID cookie stored on the client. When the client's cookie expires, it is impossible to know which SESSION it is accessing, although the SESSION file on the server has not been expired and recovered at this time, which will cause a waste of server resources. If the user exits by clicking the "Exit" button system, at this time the program can log out cookies and sessions. If the user closes the browser and exits without notifying the system, the sess_PHPSESSID file can only be recycled manually.
PHP's session adopts a passive recycling mechanism. Expired session files will not disappear by themselves, but will trigger "recycling" through requests to process expired sessions.
At this time, the scheduled task (crontab) can automatically delete the expired session:
Find Extract files 24 minutes ago and delete them: find /path/to/sessions -cmin +24 -type f | xargs rm
This value is the time since you last refreshed the page, that is, if you do not perform any operations for 24 minutes after refreshing the page, the server will delete the session. However, whether it will be deleted is related to the deletion hit rate set in php.ini. For example, session.gc_divisor=1000, session.gc_probability=1, which means that when every thousand users call session_start(), they will be 100% A garbage collection mechanism will be executed to delete useless session files on the disk. And this deletion is not sure which user's session file it is. Therefore, session is a session technology, and it can be understood together with whether the browser is closed and rewritten. That is, as long as I close the browser, the session will be disconnected and the session will naturally become invalid. . . . My personal understanding is simple. If there are any mistakes, I hope someone can correct me?
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
