![]() In fact, having okie_lifetime set to 0 would make the session’s cookie a real session cookie that is only valid until the browser is closed. But it's the server's task to invalidate a session, not the client. This only affects the cookie lifetime and the session itself may still be valid. okie_lifetime okie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser. So it additionally might occur that a session data file is deleted while the session itself is still considered as valid because the session data was not updated recently. So, you won't have problems with filesystems where atime tracking is not available. Since PHP 4.2.3 it has used mtime (modified date) instead of atime. ![]() Windows FAT does not so you will have to come up with another way to handle garbage collecting your session if you are stuck with a FAT filesystem or any other filesystem where atime tracking is not available. Note: If you are using the default file-based session handler, your filesystem must keep track of access times (atime). With that session handler, the age of the session data is calculated on the file's last modification date and not the last access date: And that is cost-intensive.įurthermore, when using PHP's default session.save_handler files, the session data is stored in files in a path specified in session.save_path. But when the garbage collector is started, it will check the validity for every registered session. ![]() Well, you could simply adjust these values so that the garbage collector is started more often. And using the default values for those options (1 and 100 respectively), the chance is only at 1%. Garbage collection occurs during session start.īut the garbage collector is only started with a probability of session.gc_probability divided by session.gc_divisor. Session.gc_maxlifetime session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up. Both options mentioned by others ( session.gc_maxlifetime and okie_lifetime) are not reliable. You should implement a session timeout of your own.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |