PHP Session gc_maxlifetime?

Posted on 2004-09-02
Last Modified: 2012-06-21
I'm wondering, what good is php_value session.gc_maxlifetime?  Why not just have a session expire upon not being accessed for x amount of time, then delete them...why keep them around for any longer with maxlifetime?


CoolATIGuy

Example:

php_value session.cache_expire 25   <--- mins how long a session is alive
php_value session.gc_probability 20  <--- percentage of time old sessions are deleted
php_value session.gc_maxlifetime 1500  <-- sec how long an expired session is considered trash
Question by:CoolATIGuy

Accepted Solution

by:
hernst42 earned 500 total points
ID: 11970558
Hi,

I think you interpreted the session.cache_expire value wrong:
This value sets the header that says how long this document is valid before the browser needs to recheck the page. If you have set session.cache_limiter to nocache, that value should not be interpreted or used. So this value has nothing to do with session.gc_maxlifetime.

session.gc_maxlifetime:
That's the time in seconds after which the session will be seen as expired; when session.gc_probability gets a true value, all sessions that have not been used for session.gc_maxlifetime will be deleted.

session.gc_probability:
Is used as a performance option so PHP does not need to check on every request whether sessions have expired. The problem is that HTTP is stateless. So on the server side you don't know when the user closes the browser, and can't delete the session then.

Author Comment

by:CoolATIGuy
ID: 11983090
I'm sorry, I'm not getting what you're saying...could you please clarify?  Dumb it down...

CoolATIGuy

Author Comment

by:CoolATIGuy
ID: 11993375
I'm not understanding your explanations for the different variables...what do you mean by "how long this document is valid before the browser needs to recheck the page"?

CoolATIGuy

Author Comment

by:CoolATIGuy
ID: 12013338
hernst42,

I'd really like to figure this out and get it closed....does anyone have any ideas?


CoolATIGuy

Expert Comment

by:hernst42
ID: 12013429
The cache_expire gives the validity of the HTML document in the cache or in a proxy. If the user does not do a reload, the HTML page is taken from the cache/proxy and there is no request sent to the web server.

The setting is only relevant if you also use none for session.cache_limiter

Author Comment

by:CoolATIGuy
ID: 12030452
Found this: http://www.zend.com/manual/function.session-cache-expire.php

So basically the cache_expire says that if the user logs in, then doesn't do anything for xx minutes (defaults to 180 minutes), then they have to log in to access session-secure info.

The gc_probability determines how often the expired sessions get deleted.

And gc_maxlifetime will allow the user to be logged out, but leave the session behind for awhile, so the user can see a message saying that they timed out, etc.

Sound right?


CoolATIGuy

Expert Comment

by:hernst42
ID: 12031002
No,
If gc_probability is set to 1 (default 1/100), then on every (by default about every 100th) PHP page request all stored sessions (of all users) are checked, and those sessions that are older (have not been modified) than time() - gc_maxlifetime are deleted.

cache_expire will only work if cache_limiter is set to a value != nocache. So if you use the default for cache_limiter (nocache) you can ignore cache_expire as it will not be used.

So depending on the value of cache_expire (here 60) and cache_limiter = private, the web server generates the following in the HTTP headers:
Cache-Control: private, max-age=3600, pre-check=3600

See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9 for a detailed explanation of caching for HTTP

In the link max-age is described as the following:
max-age
When an intermediate cache is forced, by means of a max-age=0 directive, to revalidate its own cache entry, and the client has supplied its own validator in the request, the supplied validator might differ from the validator currently stored with the cache entry. In this case, the cache MAY use either validator in making its own request without affecting semantic transparency.
However, the choice of validator might affect performance. The best approach is for the intermediate cache to use its own validator when making its request. If the server replies with 304 (Not Modified), then the cache can return its now validated copy to the client with a 200 (OK) response. If the server replies with a new entity and cache validator, however, the intermediate cache can compare the returned validator with the one provided in the client's request, using the strong comparison function. If the client's validator is equal to the origin server's, then the intermediate cache simply returns 304 (Not Modified). Otherwise, it returns the new entity with a 200 (OK) response.
If a request includes the no-cache directive, it SHOULD NOT include min-fresh, max-stale, or max-age.


Author Comment

by:CoolATIGuy
ID: 12032458
Can you give me fictional examples of those 3 variables being used, please?

CoolATIGuy

Expert Comment

by:hernst42
ID: 12033617
Here are the examples from the php.ini:

; Define the probability that the 'garbage collection' process is started
; on every session initialization.
; The probability is calculated by using gc_probability/gc_divisor,
; e.g. 1/100 means there is a 1% chance that the GC process starts
; on each request.

session.gc_probability = 1
session.gc_divisor     = 100

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440

So if that garbage process is started, all sessions stored in /tmp which are older than 24 minutes (gc_maxlifetime) are deleted by PHP. A session is expired if the user with that session has not accessed the server for 24 minutes. It could also happen that, if there are very few accesses to the server, the session is still valid after 30 or 60 minutes, because the garbage collection of PHP hasn't been started.

As the cache_limiter is set to nocache, the value of cache_expire is not used and has no effect on the session.
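
The answer above notes that on a quiet server a session can stay valid long after gc_maxlifetime, because garbage collection only starts on a fraction of requests. The PHP below is an added example, not part of the original thread: it enforces the idle limit in application code instead of relying on the collector. The `last_activity` key, the function names and the sample timestamps are assumptions.

```php
<?php
// Added example: idle timeout enforced by the application, independent of
// when PHP's probabilistic session garbage collector happens to run.

const IDLE_LIMIT = 1440; // seconds; assumed to match session.gc_maxlifetime

// Chance that the collector has NOT started after $requests session starts,
// given session.gc_probability / session.gc_divisor.
function gcMissProbability(int $requests, int $probability = 1, int $divisor = 100): float
{
    return (1 - $probability / $divisor) ** $requests;
}

// Returns true if the session may still be used, false if it idled too long.
// $session is taken by reference so the same call works on $_SESSION.
function enforceIdleTimeout(array &$session, int $now, int $limit = IDLE_LIMIT): bool
{
    $last = $session['last_activity'] ?? null; // hypothetical key name
    if ($last !== null && ($now - $last) > $limit) {
        $session = [];   // discard stale data even though GC has not run yet
        return false;
    }
    $session['last_activity'] = $now; // sliding window: refresh on every use
    return true;
}

// In a real page, after session_start():
//   if (!enforceIdleTimeout($_SESSION, time())) {
//       session_destroy();   // remove the server-side session file now
//       // then send the user back to the login page
//   }

// Constructed demonstration, runnable from the command line.
$session = ['user' => 'alice', 'last_activity' => 1000];
var_dump(enforceIdleTimeout($session, 1000 + 600));  // 10 minutes idle
var_dump(enforceIdleTimeout($session, 1600 + 1800)); // 30 minutes idle
var_dump($session);                                  // contents after the timeout
printf("GC not yet started after 50 requests: %.1f%%\n", 100 * gcMissProbability(50));
```

With the default 1/100 setting, the last line shows how likely it is that an expired session file is still on disk, and still accepted by PHP, after 50 further requests to the server.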


Author Comment

by:CoolATIGuy
ID: 12056304
Thanks

CoolATIGuy