What is the default lifetime of a session?
Check out php.ini the value set for session.gc_maxlifetime is the ID lifetime in seconds.
I believe the default is 1440 seconds (24 mins)
http://www.php.net/manual/en/session.configuration.php
Edit: As some comments point out, the above is not entirely accurate. A wonderful explanation of why, and how to implement session lifetimes is available here:
How do I expire a PHP session after 30 minutes?
what is the default session time in PHP and how can I change it?
Yes you can change it from php.ini file. The default is 24 minutes (1440 seconds).
Here is an link hope this link helps you.
max session time
Or you can also chage it in php connection file.
ini_set('session.gc_maxlifetime', 3600); //Make it one hour
How to set lifetime of session
The sessions on PHP works with a Cookie type session, while on server-side the session information is constantly deleted.
For set the time life in php, you can use the function session_set_cookie_params, before the session_start:
session_set_cookie_params(3600,"/");
session_start();
For ex, 3600 seconds is one hour, for 2 hours 3600*2 = 7200.
But it is session cookie, the browser can expire it by itself, if you want to save large time sessions (like remember login), you need to save the data in the server and a standard cookie in the client side.
You can have a Table "Sessions":
- session_id int
- session_hash varchar(20)
- session_data text
And validating a Cookie, you save the "session id" and the "hash" (for security) on client side, and you can save the session's data on the server side, ex:
On login:
setcookie('sessid', $sessionid, 604800); // One week or seven days
setcookie('sesshash', $sessionhash, 604800); // One week or seven days
// And save the session data:
saveSessionData($sessionid, $sessionhash, serialize($_SESSION)); // saveSessionData is your function
If the user return:
if (isset($_COOKIE['sessid'])) {
if (valide_session($_COOKIE['sessid'], $_COOKIE['sesshash'])) {
$_SESSION = unserialize(get_session_data($_COOKIE['sessid']));
} else {
// Dont validate the hash, possible session falsification
}
}
Obviously, save all session/cookies calls, before sending data.
What is the default Django session lifetime and how to change it?
The setting you are looking for is SESSION_COOKIE_AGE, the default value is 1209600 which is two weeks, in seconds.
Why is the standard session lifetime 24 minutes (1440 seconds)?
The real answer is probably very close to this:
Back during PHP3 days, PHP itself had no session support.
But an open-source library called PHPLIB, initially written by Boris Erdmann and Kristian Koehntopp from NetUSE AG, provided sessions via PHP3 code.
Session lifetimes were defined in minutes, not seconds. And the default lifetime was 1440 minutes, or exactly one day. Here's that line of code from PHPLIB:
var $gc_time = 1440; ## Purge all session data older than 1440 minutes.
Sascha Schumann was involved with the PHPLIB project around the period of 1998 to 2000. There's no doubt he was familiar with the PHP3 session code.
Then PHP4 came out in the year 2000 with native session support, but now the lifetime was specified in seconds.
I'll bet someone just never bothered converting minutes to seconds. It's probable that person was Sascha Schumann. Once that value was coded into the Zend engine, it became the configuration (php.ini) default as well.
PHP sessions default timeout
It depends on the server configuration or the relevant directives session.gc_maxlifetime in php.ini.
Typically the default is 24 minutes (1440 seconds), but your webhost may have altered the default to something else.
What is the default session expiration time in PHP?
The default value of session.gc_maxlifetime is 1440 seconds. So the garbage collector assumes a session to be expired when the last modification was at least 1440 seconds ago.
Note that when using a cookie for the session ID it might have a different lifetime. The default value 0 of session.cookie_lifetime makes the cookie a session cookie, that means it expires when the browser session is ended (i.e. the browser is closed).
See also my answer on How do I expire a PHP session after 30 minutes? for further information on session expiration.
PHP session lifetime problem
Use session_set_cookie_params() to change the lifetime of the session cookie. Note that by default, it is set to 0 which means that the cookie is set until the user exits the browser. You can do this in the following way:
/* Set to 0 if you want the session
cookie to be set until the user closes
the browser. Use time() + seconds
otherwise. */
session_set_cookie_params(0);
session_start();
Then check for the last activity time, updated each time someone visits a page.
if(($_SESSION['lastActivity'] + 300) < time()) {
// timeout, destroy the session.
session_destroy();
unset($_SESSION);
die('Timeout!');
} else {
$_SESSION['lastActivity'] = time();
}
Related Topics
What Do Strict Types Do in PHP
Pdo With "Where... In" Queries
Laravel Certificate Verification Errors When Sending Tls Email
How to Know Which 'PHP.Ini' File Is Used
How to Check If a String Starts With a Specified String
Get First 100 Characters from String, Respecting Full Words
Filter Values from an Array Similar to SQL Like '%Search%' Using PHP
Fatal Error: Call to Undefined Function Mb_Detect_Encoding()
Difference Between Session_Unset() and Session_Destroy() in PHP
How to Find the First and Last Date in a Month Using PHP
In PHP, What Does "≪≪≪" Represent
Laravel 5 Failed Opening Required Bootstrap/../Vendor/Autoload.PHP
Why Doesn't MySQL Support Millisecond/Microsecond Precision
What Is the Function _Construct Used For
Error: "Input Is Not Proper Utf-8, Indicate Encoding !" Using PHP'S Simplexml_Load_String