jump to navigation

PHP’s session.gc_maxlifetime variable November 1, 2011

Posted by Tournas Dimitrios in PHP.

PHP provides an session garbage collection mechanism that ensures old unused sessions to be cleared regularly . This will help to prevent performance degrade due to filling up of session data and to reduce the risk of session hijacking as well . This variable defines how long an unused PHP session will be kept alive (default 1440 seconds ie 24min ) before session data is seen as garbage and probably cleaned up by the garbage collection process .  A garbage collector runs with a probability defined by session.gc_probability divided by session.gc_divisor . By default this is 1/100 , which indicates that there is a 1% chance that the garbage collection process runs on each session initialization request . Setting the probability too high will add unnecessary processing load on the server , whereas setting it too low may cause server performance to degrade due to large amount of stored session data (whether needed or not) and increase the risk of user reconnecting to an old unwanted session as well (whether maliciously or not) .

 The number of seconds to be elapsed before session data is seen as garbage and probably cleaned up by the garbage collection process can be configured by one of these actions : 

  • session.gc_maxlifetime = 7200   //  in PHP’s configuration file  or  
  •  ini_set(“session.gc_maxlifetime”, “7200”) ; //directly into the webpage’s code  or
  • php_value session.gc_maxlifetime 7200    // into .htaccess file

Read this article .


1. Chandra - March 27, 2013

have tried this in wamp. but session does not expire even I coded the same to be expired in 10 sec.

What do I have to change here..

tournasdimitrios1 - March 28, 2013

Garbage Collection is done with a probability factor (gc_probability/gc_divisor). So if you do not run a lot of requests on you wamp installation chances are that this 1% is never hit, and no garbage collection of the sessions occurs . I guess this is because your local wamp installation does not get enough requests . There is always a “work-around” , just store a time-stamp into the session and make a comparison on each request .

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s