session timeout

[jimfog]

I want to implement session timeout....my site has two different users and the timeout requirement is different for them.

 

After a search I found that when adjusting session timeout....the time that the session will last..must also be set in session.gc_maxlifetime.

 

If that is the case how am I going to accomplish this...since we are dealing here 2 different timeouts and session.gc_maxlifetime accepts only one value.

 

How do you think I should deal the issue given the fact we are dealing with two different users with different timeout requirements.

[Ingolme]

Usually for timeouts, I'll store timestamps in a session variable and compare them to the current time each time the page loads. If the time has expired I will erase everything from the session.

[jimfog]

Do you make any use of session.gc_maxlifetime...in the way I describe it?

[Ingolme]

No, I just store the timestamp right in the $_SESSION array itself.

[Don E]

Do you make any use of session.gc_maxlifetime...in the way I describe it?

Just to note in regards to session.gc_maxlifetime that I discovered about sessions in-depth this past weekend, adjusting session.gc_maxlifetime does not necessarily mean that the session will last that amount of time. Here is a quote from the following link about session.gc_maxlifetime: http://http://stackoverflow.com/questions/1516266/how-long-will-my-session-last

In general you can say session.gc_maxlifetime specifies the maximum lifetime since the last change of your session data (not the last time session_start was called!). But PHP’s session handling is a little bit more complicated.

 

Because the session data is removed by a garbage collector that is only called by session_start with a probability of session.gc_probability devided by session.gc_divisor. The default values are 1 and 100, so the garbage collector is only started in only 1% of all session_start calls. That means even if the the session is already timed out in theory (the session data had been changed more than session.gc_maxlifetime seconds ago), the session data can be used longer than that.