Increase php session time via .htaccess not working

php session .htaccess

8,868

Solution 1

Your php_info() proves that the settings are applied.

Are you on Debian or Ubuntu ? In such case, there's a caveat: debian mantainers have patched the PHP package to clear unused sessions via crontab. (the above could apply not only to Debian/Ubuntu, depends on the distro mantainers)

# /etc/cron.d/php5: crontab fragment for php5
#  This purges session files older than X, where X is defined in seconds
#  as the largest value of session.gc_maxlifetime from all your php.ini
#  files, or 24 minutes if not defined.  See /usr/lib/php5/maxlifetime

# Look for and purge old sessions every 30 minutes
09,39 *     * * *     root   [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find
 /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm

Such decentralization is thus being done basing on global settings, not on a per process basis.

I see two solutions:

after 20 minutes or so (use time() to know when you're above the time threshold) you close the session with session_write_close() and open it again.
you implement your own session handler with session_set_save_handler and save your session data somewhere else than the default path.

Whichever route you choose I suggest you to retain the modifications you did to .htaccess.

Let us know how it goes :-)

Solution 2

Try doing it in your code instead. If you have header.php or config.php file that is included everywhere add this to it:

ini_set("session.gc_maxlifetime", 21600);
session_set_cookie_params(21600);

8,868

Admin

Updated on September 17, 2022

Comments

Admin almost 2 years

I want to create the session timeout to 6 hours but my browser is still timing out in 1/2 hour.

I am on a PLESK server.

I updated .htaccess

php_value session.gc_maxlifetime 21600
php_value session.cache_expire 21600
php_value session.cookie_lifetime 21600

Here is the relevant PHPinfo:

                        Local   Master
session.gc_maxlifetime  21600   1440
session.cache_expire    21600   180
session.gc_maxlifetime  21600   1440

Gumbo over 13 years

Do these PHP settings apply for all PHP scripts?

tacone over 13 years

The above assumes it is a session time out, not a browser's quirk.
Zoredache over 13 years

If you are on Debian a simple solution is to simply add php_value session.save_path /foo/bar where /foo/bar is not the standard folder.
tacone over 13 years

@Zoredache, doing so he may have to delete temporary files manually from /foo/bar since that escapes system crontab's cleaning.
Kzqai over 12 years

Thank you for this post, I wasn't aware that my apache config values were being completely ignored, only that my sessions were timing out quickly, until I checked my phpinfo() directly. As a result, I've given up on using the apache site setup, which apparently may not use php_value at all (unlike a .htaccess?), and just went with editing the php.ini directly.