jasimon9
asked on
PHP custom session handler - garbage collection time limit
I am considering writing my own custom session handling as I have certain specific requirements that would be perfectly met by having custom sessions.
I have reviewed several examples of custom handlers that are available in various places on the web. They are all very similar. But I have a question about garbage collection that seems to be common to all such examples. Specifically, the garbage collection routines destroy old sessions after either 5 minutes, or 24 minutes, typically.
I am wondering if this would not in many cases destroy sessions actively in progress. It seems like this time is very short, and so I am guessing that there must be some factor I am not aware of that makes these time limits reasonable.
Please comment on how this is really supposed to work.
ASKER
I think you are understanding the question correctly. However, this issue seems exactly what I am considering to be a problem!
If someone comes to a page and has a session going, then is inactive for 10 minutes and is thrown out of their session, I consider that to be a big issue. I would want something much longer, say between 20 and 30 minutes.
Compare this requirement against another feature we have: login cookies. A significant portion of our site's purpose is only available to logged-in users. However, we place a cookie on the user's system to remember that user, and automatically log them in when they return to the page. I originally designed these cookies to expire in 30 days.
However, our sales dept says "why ever have them expire?" They are pushing for at least 60 or 90 days.
So, to have sessions expire and force the user to start over again is inconsistent with this practice.
I guess I would compare this custom session behavior to the behavior of the default session handling provided by PHP, which we are now using. The session.gc_maxlifetime is 1440 seconds. It would seem that therefore 1440 seconds should be workable, which is 24 minutes, or something like that.
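The garbage-collection limit discussed above, shown as an added example that is not part of the original thread: a minimal custom handler in which `gc()` deletes rows by last-access time, so the limit measures idle time rather than total session age. The class name, table layout and SQLite path are hypothetical, and PHP 8 with the pdo_sqlite extension is assumed.

```php
<?php
declare(strict_types=1);

// Added example: DbSessionHandler, the sessions table and the DB path are hypothetical.
final class DbSessionHandler implements SessionHandlerInterface
{
    public function __construct(private PDO $db)
    {
        $db->exec('CREATE TABLE IF NOT EXISTS sessions (
            id TEXT PRIMARY KEY, data TEXT NOT NULL, last_access INTEGER NOT NULL)');
    }

    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        // GC only runs on a fraction of requests (session.gc_probability /
        // session.gc_divisor), so expired rows can linger. Enforce the idle
        // limit here as well instead of relying on GC alone.
        $cutoff = time() - (int) ini_get('session.gc_maxlifetime');
        $st = $this->db->prepare('SELECT data FROM sessions WHERE id = ? AND last_access >= ?');
        $st->execute([$id, $cutoff]);
        $data = $st->fetchColumn();
        return $data === false ? '' : (string) $data;
    }

    public function write(string $id, string $data): bool
    {
        // Runs when the session is closed at the end of a request and refreshes
        // last_access, so an active visitor keeps pushing the expiry forward.
        $st = $this->db->prepare('REPLACE INTO sessions (id, data, last_access) VALUES (?, ?, ?)');
        return $st->execute([$id, $data, time()]);
    }

    public function destroy(string $id): bool
    {
        return $this->db->prepare('DELETE FROM sessions WHERE id = ?')->execute([$id]);
    }

    public function gc(int $max_lifetime): int|false
    {
        // $max_lifetime is session.gc_maxlifetime: only sessions idle longer are removed.
        $st = $this->db->prepare('DELETE FROM sessions WHERE last_access < ?');
        $st->execute([time() - $max_lifetime]);
        return $st->rowCount();
    }
}

ini_set('session.gc_maxlifetime', '1800'); // 30 minutes of inactivity
session_set_save_handler(new DbSessionHandler(new PDO('sqlite:/tmp/sessions.sqlite')), true);
session_start();
```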
ASKER CERTIFIED SOLUTION
ASKER
Your comment is helpful. I would prefer to see some additional comment before awarding points.
I would probably feel ok with the 24-30 minutes, as that is what we are using during prototyping and it has not caused a problem this far.
I hope I understood your question correctly; if not, please clarify, because I'd hate to be just repeating what you already know.