The question between session.gc_maxlifetime and session.cookie_lifetime

2

8

My first question in stackoverflow. Thanks in advance!

I am so confused about the PHP session mechanism. I have understood session.gc_maxlifetime from PHP - ini_set('session.gc_maxlifetime', 5) - Why it doesn't end the session?. But I still don't know the difference between session.gc_maxlifetime and session.cookie_lifetime.

Question: What will happen if the time of session.cookie_lifetime is out? Will the session cookie be deleted from the client computer directly?

I need to figure out this question, then continue to ask something further.

Mansard answered 1/4, 2011 at 9:57 Comment(0)
2

The cookie lifetime is transmitted to the client. If the cookie has reached its lifetime, the client usually deletes it. So it is client-side. Also, a session can be alive even after the cookie is gone, since you can create the same cookie again, expand its lifetime, or transmit the session ID via the URI.

Hope that helps!

Eterne answered 1/4, 2011 at 10:49 Comment(3)
Thanks! You mean if the session.gc_maxlifetime is not timed out, even if the session cookie on the client side is deleted, this session will automatically work by sending a new session cookie to the client side? - Mansard
No. If the session ID is not stored client-side anymore, the server will not be able to identify the client, so you cannot work in the same session. A new session will be generated. - Eterne
Thanks for explaining the session_timeout, but you didn't explain gc_maxlifetime. - Coimbra
5

session.gc_maxlifetime is the time in seconds after which your session data could be considered as garbage data. In other words, you can say that it is the time an unused PHP session will be kept alive.

session.cookie_lifetime is the lifetime in seconds of session cookies, whether the session is alive or not. So the cookies will stay alive until the given time has elapsed.

See:
http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime
https://blogs.oracle.com/oswald/entry/php_session_gc_maxlifetime_vs

Co answered 6/6, 2013 at 14:53 Comment(1)
The article you linked really helped, especially these statements: 1. session.gc_maxlifetime - "...As long as the time between his clicks never exceed 1440 seconds. It's a timeout value." 2. session.cookie_lifetime - "This value indirectly defines the "absolute" maximum lifetime of a session, whether the user is active or not. If this value is set to 60, every session ends after an hour." - Lorielorien
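The answers above describe one setting that lives on the server (gc_maxlifetime) and one that lives in the browser (cookie_lifetime). The following added example, which is not code from any answer in this thread, sets both and also enforces an idle timeout and an absolute lifetime on the server. The constants, the `created` and `last_seen` session keys, and the function names are hypothetical choices for illustration.

```php
<?php
// Added example. IDLE_TIMEOUT and ABSOLUTE_LIFETIME are assumed values.
const IDLE_TIMEOUT = 1440;       // seconds of inactivity allowed
const ABSOLUTE_LIFETIME = 3600;  // seconds a session may exist, active or not

// Pure decision: 'ok', 'idle_expired' or 'absolute_expired'.
function sessionState(array $s, int $now): string
{
    if (isset($s['created']) && $now - $s['created'] > ABSOLUTE_LIFETIME) {
        return 'absolute_expired';
    }
    if (isset($s['last_seen']) && $now - $s['last_seen'] > IDLE_TIMEOUT) {
        return 'idle_expired';
    }
    return 'ok';
}

// Call at the top of a web request, before any output is sent.
function startCheckedSession(): string
{
    // Server side: data unused for longer than this MAY be garbage collected.
    // GC runs probabilistically, so this alone is not an exact timeout.
    ini_set('session.gc_maxlifetime', (string) IDLE_TIMEOUT);
    // Refuse session IDs the server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    // Client side: expiry sent with the cookie; the browser enforces it,
    // the server does not. Array form needs PHP 7.3 or later.
    session_set_cookie_params([
        'lifetime' => ABSOLUTE_LIFETIME,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();

    $now = time();
    $state = sessionState($_SESSION, $now);
    if ($state !== 'ok') {
        session_unset();              // drop the stale data
        session_regenerate_id(true);  // new ID, old session file deleted
    }
    $_SESSION['created'] = $_SESSION['created'] ?? $now;
    $_SESSION['last_seen'] = $now;
    return $state;
}

// Constructed timestamps exercising each outcome (no browser needed).
foreach ([[9000, 9900], [8000, 8100], [6000, 9900]] as [$created, $seen]) {
    echo sessionState(['created' => $created, 'last_seen' => $seen], 10000), "\n";
}
```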