PHP’s session.gc_maxlifetime variable
November 1, 2011. Posted by Tournas Dimitrios in PHP.
PHP provides a session garbage collection mechanism that ensures old, unused sessions are cleared regularly. This helps prevent performance degradation from accumulated session data and also reduces the risk of session hijacking. The session.gc_maxlifetime variable defines how long an unused PHP session is kept alive (default 1440 seconds, i.e. 24 minutes) before its data is seen as garbage and potentially cleaned up by the garbage collection process.

The garbage collector runs with a probability defined by session.gc_probability divided by session.gc_divisor. By default this is 1/100, which means there is a 1% chance that the garbage collection process runs on each session initialization request. Setting the probability too high adds unnecessary processing load on the server, whereas setting it too low may degrade server performance because of the large amount of stored session data (whether needed or not), and it also increases the risk of a user reconnecting to an old, unwanted session (whether maliciously or not).
The number of seconds that must elapse before session data is seen as garbage and potentially cleaned up by the garbage collection process can be configured in one of these ways:
- session.gc_maxlifetime = 7200 (in PHP’s configuration file), or
- ini_set("session.gc_maxlifetime", "7200"); (directly in the web page’s code), or
- php_value session.gc_maxlifetime 7200 (in an .htaccess file)
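
Because garbage collection only runs with the probability described above, a session older than session.gc_maxlifetime can still be on disk and accepted by session_start(). The following added example (not code from the original post) enforces the idle limit in application code; the helper name start_session_with_idle_timeout and the last_activity key are hypothetical, and it assumes no session has been started yet (session.auto_start is off).

```php
<?php
// Added example: enforce the idle timeout in application code instead of
// relying on garbage collection, which runs only with probability
// session.gc_probability / session.gc_divisor.

const IDLE_LIMIT = 7200; // seconds; same value as the settings shown above

/**
 * Hypothetical helper. Starts the session and returns true if it is still
 * within the idle limit, false if it had expired and was reset.
 * $now is injectable so the expiry path can be exercised without waiting.
 */
function start_session_with_idle_timeout(int $limit = IDLE_LIMIT, ?int $now = null): bool
{
    $now = $now ?? time();

    // Must be set before session_start(); keeps the GC lifetime aligned
    // with the limit enforced below.
    ini_set('session.gc_maxlifetime', (string) $limit);
    session_start();

    $last  = $_SESSION['last_activity'] ?? null; // assumed key name
    $valid = true;

    if ($last !== null && ($now - $last) > $limit) {
        // The session data outlived the limit because GC has not run yet:
        // drop the data and issue a new ID, deleting the old session.
        $_SESSION = [];
        session_regenerate_id(true);
        $valid = false;
    }

    $_SESSION['last_activity'] = $now;
    return $valid;
}

if (!start_session_with_idle_timeout()) {
    // Treat the visitor as logged out: any authentication state that was
    // stored in the expired session is gone.
    echo "Session expired, please log in again.\n";
}
```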