I'm seeing some odd and frustrating behavior with ZF2 sessions and timeouts.

Here's the code I use to set up the session:

    $sessionConfig = new \Zend\Session\Config\StandardConfig();
    $sessionConfig->setOptions(array(
        'cache_expire' => 525949,
        'cookie_domain' => 'mydomain.com',
        'cookie_lifetime' => 31536000,
        'cookie_path' => '/',
        'cookie_secure' => TRUE,
        'gc_maxlifetime' => 31536000,
        'name' => 'mydomain',
        'remember_me_seconds' => 31536000,
        'use_cookies' => TRUE,
    ));

    $sessionManager = new \Zend\Session\SessionManager($sessionConfig);
    $sessionManager->rememberMe(31536000);
    $sessionManager->setSaveHandler(new \Zend\Session\SaveHandler\MongoDB($mongo, $options);
    $session = new \Zend\Session\Container('MY_SESSION', $sessionManager);

When I execute this code, the cookie gets created but the expiration is end of session.

If I change the code like this:

    $sessionManager = new \Zend\Session\SessionManager();
    $sessionManager->rememberMe(31536000);
    $sessionManager->setConfig($sessionConfig);
    $session = new \Zend\Session\Container('MY_SESSION', $sessionManager);

the cookie gets created and the expiration is a year from now.

However, the session still expires after 30 minutes or so, even though the cookie remains.

What I want is for both the cookie and session to persist for a year. How do I accomplish this in ZF2?

It looks like the issue has to do with the handling of the gc_maxlifetime option. In \Zend\Session\SaveHandler\MongoDB, this value is taken from the PHP configuration, via ini_get('session.gc_maxlifetime');

I don't see anywhere in \Zend\Session\SessionManager where ini_set() is being called.

The solution, I think, is to do one of the following:

1. Edit php.ini and set the value globally
2. Edit .htaccess and add php_value session.gc_maxlifetime
3. Extend \Zend\Session\SessionManager and add a new method that calls ini_set() if the gc_maxlifetime option is supplied.