jimfog Posted September 1, 2015 Share Posted September 1, 2015 I want to implement session timeout....my site has two different users and the timeout requirement is different for them. After a search I found that when adjusting session timeout....the time that the session will last..must also be set in session.gc_maxlifetime. If that is the case how am I going to accomplish this...since we are dealing here 2 different timeouts and session.gc_maxlifetime accepts only one value. How do you think I should deal the issue given the fact we are dealing with two different users with different timeout requirements. Link to comment Share on other sites More sharing options...
Ingolme Posted September 1, 2015 Share Posted September 1, 2015 Usually for timeouts, I'll store timestamps in a session variable and compare them to the current time each time the page loads. If the time has expired I will erase everything from the session. Link to comment Share on other sites More sharing options...
jimfog Posted September 1, 2015 Author Share Posted September 1, 2015 Do you make any use of session.gc_maxlifetime...in the way I describe it? Link to comment Share on other sites More sharing options...
Ingolme Posted September 1, 2015 Share Posted September 1, 2015 No, I just store the timestamp right in the $_SESSION array itself. Link to comment Share on other sites More sharing options...
Don E Posted September 1, 2015 Share Posted September 1, 2015 Do you make any use of session.gc_maxlifetime...in the way I describe it? Just to note in regards to session.gc_maxlifetime that I discovered about sessions in-depth this past weekend, adjusting session.gc_maxlifetime does not necessarily mean that the session will last that amount of time. Here is a quote from the following link about session.gc_maxlifetime: http://http://stackoverflow.com/questions/1516266/how-long-will-my-session-last In general you can say session.gc_maxlifetime specifies the maximum lifetime since the last change of your session data (not the last time session_start was called!). But PHP’s session handling is a little bit more complicated. Because the session data is removed by a garbage collector that is only called by session_start with a probability of session.gc_probability devided by session.gc_divisor. The default values are 1 and 100, so the garbage collector is only started in only 1% of all session_start calls. That means even if the the session is already timed out in theory (the session data had been changed more than session.gc_maxlifetime seconds ago), the session data can be used longer than that. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now