php Question posted in
Official manual can be found here.

Php – Does session.gc-maxlifetime restart if Session_Start() is called again? or is it calculated from the first time session is created?

According to the docs:

session.gc_maxlifetime specifies the number of seconds after which
data will be seen as ‘garbage’ and potentially cleaned up. Garbage
collection may occur during session start (depending on
session.gc_probability and session.gc_divisor). Defaults to 1440 (24
minutes).

but is this period of seconds calcuated from the first time Session_Start() is called? or does the time restart after Session_start() is called again, or after some sort of interaction with $_SESSION is made?

If it is calculated from the first time session is created, is there a way to restart this so that users dont face errors from trying to interact with session variables that have been reset to null?

Tags:

2

Answers


  1. 0

    Long story short: You can’t call session_start() twice during the same session.

    Long story:

    Garbage collector may be called at any point in time, so the session’s file timestamp (the file inside your php temp directory) is the only way to tell if the data will be considered garbage during the next execution of GC.

    Now, if you try to execute this:

    <?php
while (true) {
    session_start();
    sleep(5);
}

    PHP will yield session_start(): Ignoring session_start() because a session is already active

    This implies that you need to close your current session after calling session_start() again. Once you call session_start() (and resume your session) it will update your session file’s timestamp thus resetting the timer for that session.

    You can alter the behavior of the current session handler by implementing a custom session handler as well.

    Login or Signup to reply.
  2. 0

    The answer is : the session variables lifetime’s end-time will be "re-calculated" when the start_session() is called again.

    It is because the garbage collection process is designed to abandon "inactive" sessions , which is obviously one of the measures of security.

    For example, if you set the following in your php.ini and then restart the httpd , the system will 100% perform garbage collection (session.gc_probability/session.gc_divisor =1) whenever the time reaches the liftime timeout which is 60 seconds

    session.gc_maxlifetime=60
session.gc_probability = 1000
session.gc_divisor = 1000

    Now, if you run , on your browser this php (session1.php):

    <?php session_start();

$_SESSION["var1"]="Stack Overflow";

    if you then , wait after 60 seconds, and run the following (session2.php), you will notice that the system echos nothing , because $_SESSION["var1"] is destroyed due to garbage collection

    <?php session_start();

echo $_SESSION["var1"];

    However, if you run session1.php and then wait for 59 seconds and immediately run session2.php, you will notice that echo $_SESSION["var1"]; will display the word "Stack Overflow", and if you wait for another 59 seconds and run session2.php again, it will display the word "Stack Overflow" again …. until one time you run the session2.php AFTER 60 seconds, then the session is gone

    Note: If you really did the above test, remember to set back the gc_probability, gc_divisor and gc_maxlifetime to the default values after you have done the test, otherwise I believe 60 seconds are too short for the session life time under normal circumstances

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search