Method of Setting Expiration Time of session Accurately in php

In most cases, we use the default set time for session expiration time, while we can set 1 session expiration time for 1 case with special requirements.

To do this, in PHP, set php.ini and find session.gc_maxlifetime = 1440 # (PHP5 defaults to 24 minutes)
Here, you can set the expiration time at will. But some people say that after setting it, it doesn't seem to work!
It's not that it doesn't work, but because the system defaults:

session.gc_probability = 1
session.gc_divisor = 1000

garbage collection has a probability, 1/1000 means that session is recovered once every 1000 times.
As long as you have a large number of visits, you can achieve the effect of recycling.
Or you can set the value of session.gc_divisor under 1,
For example: session.gc_divisor = 1, so you can clearly see the expiration effect of SESSION.

The most commonly used setting is in the php program, as shown in the following example program:

<?php
if(!isset($_SESSION['last_access'])||(time()-$_SESSION['last_access'])>60)
$_SESSION['last_access'] = time();
?>

This is done. If you want to set it to expire, you can also implement it in the program:

<?php
unset($_SESSION['last_access']);//  Or  $_SESSION['last_access']='';
?>

session has an expiration mechanism:

session.gc_maxlifetime Originally, session expiration was a small probability event, and session.gc_probability and session.gc_divisor were used to determine the probability of running gc in session. The default values of session.gc_probability and session.gc_divisor are 1 and 100, respectively. They are numerator and denominator respectively, so the probability running chance of gc in session is 1%. If you modify these two values, the efficiency of php will be reduced. So this method is wrong! !
Therefore, modifying the gc_maxlifetime variable in the php. ini file can extend the expiration time of session: (For example, we modified the expiration time to 86400 seconds)
session.gc_maxlifetime = 86400
Then, restart your web service (1 is usually apache).

session When "Recycling" Occurs:

By default, every php request has a 1/100 probability of recycling, so it may be simply understood as "every 100 php requests have one recycling". This probability is controlled by the following parameters
# Probability is gc_probability/gc_divisor

session.gc_probability = 1
session.gc_divisor = 100

Note 1: Assuming this is gc_maxlifetime=120, if an session file was last modified 120 seconds ago, the session is still valid until the next recycle (1/100 probability) occurs.

Note 2: If your session uses session. save_path to save session somewhere else, the session recycling mechanism may not automatically process expired session files. At this time, you need to delete the expired session manually (or crontab) at regular intervals:

cd /path/to/sessions; find -cmin +24 | xargs rm

session in PHP never expires

It is the best way not to modify the program, because if the program is modified, the test department 1 will be very depressed, so it can only modify the system environment configuration, which is actually very simple. Open the php. ini settings file and modify 3 lines as follows:

1. session.use_cookies

Set the value of this to 1 and pass sessionid using cookie

2. session.cookie_lifetime

This represents the storage time of SessionID in the client Cookie, and the default is 0, which means that SessionID will be invalidated when browser 1 closes SessionID... Because of this, session of PHP cannot be used permanently! Then let's set it to a number that we think is very large. How about 999999999? Yes! That's it.

3. session.gc_maxlifetime

This is the time Session data is stored on the server side. If this time is exceeded, Session data will be automatically deleted! Then we also set it to 9999999.

In this way, cut ok 1. Of course, if you don't believe it, test it 1-set an session value and come back after 10 days and a half. If your computer is not powered off or down, you can still see this sessionid.

Of course, it is also possible that you don't have the authority to control the server and can't be lucky enough to modify the settings of php. ini like me. There is a way to rely on ourselves. Of course, you must use the client to store cookie, store the obtained sessionID to the client's cookie, set the value of this cookie, and then pass this value to session_id (). The specific practices are as follows:

<?php
session_start(); //  Start Session 
$_SESSION['count']; //  Registration Session Variable Count 
isset($PHPSESSID)?session_id($PHPSESSID):$PHPSESSID = session_id(); 
//  If you set $PHPSESSID , will SessionID Assign value to $PHPSESSID Otherwise, generate SessionID 
$_SESSION['count']++; //  Variable count Plus 1 
setcookie('PHPSESSID', $PHPSESSID, time()+3156000); //  Storage SessionID To Cookie Medium  
echo $count; //  Display Session Variable count Value of  
?>

session failure non-transfer

Let's write an php file first: < ?=phpinfo()? > Go to the server to see the parameter configuration of the server.
Go to the session section and see that the session. use_trans_sid parameter is set to zero.
This parameter specifies whether transparent SID support is enabled, that is, whether session is passed with URL. My personal understanding is that if the parameter 1 denier is set to 0, then each URL will start one session. In this way, the following pages can't track the session of the previous page, which is what we call undeliverable. Two pages generate two session files on the server side, which are unrelated. (The exact principle here remains to be confirmed)
So one way is to change the value of session.use_trans_sid to 1 in the configuration file php. ini.

Of course, we know that not everyone has the authority to change the configuration of php, so what indirect solutions are there?
Here are two examples to illustrate:
Document 1 test1.php

<?php
// Indicates that the user is used ID For the identified session
session_id(SID);
// Start session
session_start();
// Will session Adj. name Assign value to Havi
$_SESSION['name']="Havi";
// Output session And set the hyperlink to the 2 Page test2.php
echo "<a href="test2.php" rel="external nofollow" >".$_SESSION['name']."</a>";
?>

File 2: test2.php

<?php
 Indicates that the user is used ID For the identified session
session_id(SID);
// Start session
session_start();
// Output test1.php Passed in the session . 
echo "This is ".$_SESSION['name'];
?>

Therefore, the focus is on session_start (); Add session_id (SID) before; In this way, when the page is converted, the server uses session stored by the user in the server session folder, which solves the delivery problem.
However, some friends will reflect that if session of multiple users is written in one SID, the value of Session will not be brought into play. Therefore, there is another trick to solve this problem, without adding session_id (SID); The premise is that you have configured permissions on the server's php. ini:
output_buffering is changed to ON, which makes no sense.
The second possible reason is that you don't have access to the folder where the server saved session, or go back to phpinfo. php and look at the address where session was saved:

session.save_path: var/tmp

So just check whether the var/tmp folder is writable.
Write 1 file: test3. php to test 1:

<?php
echo var_dump(is_writeable(ini_get("session.save_path")));
?>

If you return to bool (false) to prove that the writing permission of the folder is restricted, then change the folder and add:

<?php
if(!isset($_SESSION['last_access'])||(time()-$_SESSION['last_access'])>60)
$_SESSION['last_access'] = time();
?>

0