How to set lifetime of session

php session lifetime

118,692

Solution 1

The sessions on PHP works with a Cookie type session, while on server-side the session information is constantly deleted.

For set the time life in php, you can use the function session_set_cookie_params, before the session_start:

session_set_cookie_params(3600,"/");
session_start();

For ex, 3600 seconds is one hour, for 2 hours 3600*2 = 7200.

But it is session cookie, the browser can expire it by itself, if you want to save large time sessions (like remember login), you need to save the data in the server and a standard cookie in the client side.

You can have a Table "Sessions":

session_id int
session_hash varchar(20)
session_data text

And validating a Cookie, you save the "session id" and the "hash" (for security) on client side, and you can save the session's data on the server side, ex:

On login:

setcookie('sessid', $sessionid, 604800);      // One week or seven days
setcookie('sesshash', $sessionhash, 604800);  // One week or seven days
// And save the session data:
saveSessionData($sessionid, $sessionhash, serialize($_SESSION)); // saveSessionData is your function

If the user return:

if (isset($_COOKIE['sessid'])) {
    if (valide_session($_COOKIE['sessid'], $_COOKIE['sesshash'])) {
        $_SESSION = unserialize(get_session_data($_COOKIE['sessid']));
    } else {
        // Dont validate the hash, possible session falsification
    }
}

Obviously, save all session/cookies calls, before sending data.

Solution 2

Set following php parameters to same value in seconds:

session.cookie_lifetime
session.gc_maxlifetime

in php.ini, .htaccess or for example with

ini_set('session.cookie_lifetime', 86400);
ini_set('session.gc_maxlifetime', 86400);

for a day.

Links:

http://www.php.net/manual/en/session.configuration.php

http://www.php.net/manual/en/function.ini-set.php

Solution 3

Prior to PHP 7, the session_start() function did not directly accept any configuration options. Now you can do it this way

<?php
// This sends a persistent cookie that lasts a day.
session_start([
    'cookie_lifetime' => 86400,
]);
?>

Reference: https://php.net/manual/en/function.session-start.php#example-5976

Solution 4

Sessions can be configured in your php.ini file or in your .htaccess file. Have a look at the PHP session documentation.

What you basically want to do is look for the line session.cookie_lifetime in php.ini and make it's value is 0 so that the session cookie is valid until the browser is closed. If you can't edit that file, you could add php_value session.cookie_lifetime 0 to your .htaccess file.

Solution 5

Since most sessions are stored in a COOKIE (as per the above comments and solutions) it is important to make sure the COOKIE is flagged as a SECURE one (front C#):

myHttpOnlyCookie.HttpOnly = true;

and/or vie php.ini (default TRUE since php 5.3):

session.cookie_httponly = True

View more solutions

118,692

Hensembryan

cout << "Coding with style"

Updated on July 09, 2022

Comments

Hensembryan almost 2 years

How to set session lifetime in PHP? I Want to set it to forever as long as the request is exist. The request is AJAX. My PHP code that handle AJAX request is:

// AJAX.php
<?php    
session_start();

$_SESSION['counter'] = $_SESSION['counter'] + 1;

header('Content-type: application/json');    
echo json_encode(array('tick' => $_SESSION['counter']));
?>

and the JavaScript:

$(document).ready(function() {            
function check() {
    getJSON('ajax.php');        
}

function getJSON(url) {                                
    return $.getJSON(
                url,
                function(data) {
                    $("#ticker").html(data.tick);
                }
           );
}

setInterval(function() {
    check();
}, 10000); // Tick every 10 seconds

});

The session always resets after 300 seconds.

Francois Deschenes almost 13 years

This seems like an overly complicated solution to a simple problem. What's wrong with setting the value of session.cookie_lifetime in your configuration or .htaccess file? The way you're suggesting requires additional code in each PHP file that requires session.
Exos almost 13 years

Yes, but i write the simple solution (before "But, it..."), the rest or response is for "I Want to set it to forever", hehe, the session.cookie_fifetime, is server-side configuration, but the browser manage this as "session cookie". For the simple solution can be use session_set_cookie_params too.
Hensembryan almost 13 years

Obviously the session i used is to save large data that change every 10 second as long as ajax request is exist. That's way i need to set it to forever. By the way, nice answer thanks
Ignacio A. Poletti over 10 years

Expire time in your example "604800", should be: "time()+604800", is an absolute reference.
M H almost 9 years

You can set it in your php.ini to 0...thats forever.
The Onin over 8 years

@Hanoncs Wrong, session.cookie_lifetime defaults to 0 in php.ini, and that means it's a session cookie, not that it lasts forever.
bytecode77 about 8 years

Not true! Not at all. Both the session on the server side and the cookie will expire.
Robert Sinclair almost 8 years

what is valide_session function in your code? What does it do?
joe_evans over 3 years

Sorry, that is incorrect. Session variables will expire