2011-10-11

How to prevent sessions from expiring too quickly on PHP applications


When I started using sessions for authentication in a PHP web application I discovered that users were being logged out after a very short time.  After some research I discovered how sessions work in PHP.
A unique session ID is stored on a cookie on the users computer.  When the user connects to the server the server looks for a file with that unique session ID in its temp folder, and if one exists it pulls variable values from that file.  Every time any user connects to the server and starts a session the server generates a random number and then looks at some settings in php.ini to determine whether or not to clean out the temp folder. When it cleans out the temp folder it throws out session files older than the session.gc_maxlifetime setting in php.ini (set in seconds).  In order to enable keeping users logged in for long periods I set session.gc_maxlifetime = 1814400 in the php.ini.

This works on MAMP installations also. Just edit to /Applications/MAMP/conf/php5.3/php.ini

No comments: