Php session expiring

Hi everybody.
I have a problem with PHP sessions.
I have developed a backend for a mobile app developed by another team of devs. The app send requests to my php scripts which collects data and send them to the mobile app.
The problem is that I have used PHP sessions and this way, if the mobile app doesn't send requests for 30 minutes, the session expires and the php scripts return bad or null values.

I have now to manage this issue and I'm wondering what is the best way to do it. Can I set the php.ini in order to make sessions never expire? Or do I have to tell developers to use Ajax to prevent session expiring? Or there is some better way?

Thanks for any suggestion :)
LVL 32
Marco GasiFreelancerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jan LouwerensSoftware EngineerCommented:
If the requests coming in have that much time separating them, you might want to consider storing the data in a database, rather than in the session.
Dave BaldwinFixer of ProblemsCommented:
You need to rewrite your code.  PHP session 'timers' are intentionally unreliable.  They are NOT intended to be used as timers but as the minimum time before starting garbage collection.  If you are the only one on that server, you can change the session timeout.  If you are Not the only one, then you will find out that the lowest timeout is the one that is used and that changing yours will have no effect.

By the way, if sessions never expire, that means you will collect the files containing $_SESSION[] data until all the disk space is used up.
Marco GasiFreelancerAuthor Commented:
Thank you both, guys.
Okay I understand your points and I realize I didn't explain my problem in the right way.
Let's me clarify. When the user open the app and does the login, a session is stored on the server and the user id is saved in a session variable. This is the value I repeatedly check in various scripts when the app sends a request. If the app doesn't send any request for 30 minuts the user id value expires and the next request fails.

I could arrange things to make the app save the user id in a local database (or/and in local Storage) and then send tthe value with any request and just drop the PHP session. But there are some operations which involve several scripts in sequence and there it would better to use sessions.

Or maybe there is some other way to manage things I didn't think about...

What's your thought?
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Dave BaldwinFixer of ProblemsCommented:
Actually, we understand perfectly because we've answered and 'solved' this question many times already.  First, PHP sessions expire because of lack of activity.  Standard time-out is 24 minutes from the Last access.  If you have "several scripts in sequence" they will keep the session alive because the time-out is reset with every access.  If you access pages in a session every few minutes, you can keep a session open indefinitely, for days, weeks, even years and decades.

Sessions are only for short term access.  I always use a database for the important info.  That way (with appropriate coding), the user can come back days later and use it again.
Marco GasiFreelancerAuthor Commented:
@Dave: I don't understand the relation between your comment and my question. But if you have solved the same question so many times, maybebyou can just post a link to some of those threads...
Dave BaldwinFixer of ProblemsCommented:
Since you can't control how long between accesses, use a database instead of sessions.  I leave it to you to look up the many questions here about PHP sessions.  Almost all of the problems arise from a misunderstanding of what sessions are good for.
Marco GasiFreelancerAuthor Commented:
But I'm not using session to store data, just the logged user id: it looks like a standard use of the session to me...
Chris StanyonWebDevCommented:
Hey Marco,

Sessions are designed to be just that - a session. A session will expire after 24 minutes of inactivity, or when the user closes down their browser. If your store the logged in user ID in a session, then that data will expire with the session. The idea of storing the data in the DB, is so that data is not lost when the user closes the browser, or is inactive.

Instead of storing the user ID in a session, you store it in a cookie. A cookie allows you to set when it will expire, so you can choose a lifespan of say 1 year. Now when a user visits your site, the cookie will be sent to your server. This cookie will contain the User ID, and you can retrieve the data associated with that User ID from the DB. Even if they come back in 6 months, the cookie will be sent, the data retrieved and they will still be logged in.

A cookie is stored on the client machine, unlike a session which is stored on the server, so take that into account. For example, don't just store the user id as a simple int (1,2,3 etc.). Use something that is more secure, such as a hash. Plenty of guides online explaining best-practices for that.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Marco GasiFreelancerAuthor Commented:
Hi Chris. Yes, sure. I should have thought by myself! But I didn't :) Thank you so much.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.