This is PHP's default behavior, see here.
There are two distinct things that should be noted in the sessions:
- session.cookie_lifetime sets the time, in seconds, after which the session cookie will be erased. The cookie expiration time is set when it is created, in session_start(), and is not updated! If the value is 0, the cookie will be available until the browser is closed, which is the default.
- session.gc_maxlifetime defines after how long the session file will be understood as "junk" and potentially deleted; it takes into account the date of the last update of the session file.
/!\ This is not recommended!
If you want session files to be "permanent", just like cookies, you can simply use:
session.cookie_lifetime = 31536000
session.gc_maxlifetime = 31536000
This will make sessions, in the best of situations, available for 1 year.
Now let's get into trouble.
The session is divided into two steps, one cookie in the browser and one file on the server.
Defining a gc_maxlifetime will cause the server to have several useless files, literally. Uselessness can occur due to a number of factors, most commonly because the user has cleared cookies or simply never accessed the website again.
Defining a high cookie_lifetime is no problem, from my view; the only problem is that it becomes easy to steal the session (the cookie value) because it will only expire next year.
"Solution":
Set a cookie_lifetime of a week, for example. This will cause the cookie to die a week after it is created. In addition, it is necessary that the contents of the session (the files) are also present, so change the gc_maxlifetime to a week as well.
In addition, when the user connects, create a new cookie with the same session, so it will "renew" a week before the expiration of the cookie, that is, if the user logs in 6 days later.
Another solution is to save everything in a cookie and set a high expiration time. This way no session will be used and no server file will be read; everything will be read on the client side itself, but this varies from case to case.
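
The one-week "Solution" above, sketched in PHP as an added example (not code from the original answer). The function names, the `user_id` key and the HTTPS assumption are hypothetical, and the example goes one step beyond the text by switching to a fresh session id at login, which limits how long a stolen cookie value stays useful.

```php
<?php
declare(strict_types=1);

const SESSION_TTL = 7 * 24 * 60 * 60; // one week, in seconds

// Cookie attributes; 'secure' assumes the site is served over HTTPS.
function session_cookie_options(): array
{
    return ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax'];
}

// Start (or resume) a session whose cookie and server-side data both last one
// week, and slide the cookie expiry forward on every request that resumes it.
function start_sliding_session(int $ttl = SESSION_TTL): void
{
    // Server side: data untouched for $ttl seconds becomes eligible for GC.
    ini_set('session.gc_maxlifetime', (string) $ttl);
    // Refuse session ids that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    // Client side: lifetime applied when session_start() creates the cookie.
    session_set_cookie_params(['lifetime' => $ttl] + session_cookie_options());
    $resumed = isset($_COOKIE[session_name()]);
    session_start();

    // session_start() does not refresh the expiry of an existing cookie, so
    // re-send it with the same session id and a new expiry one week from now.
    if ($resumed) {
        setcookie(session_name(), session_id(),
            ['expires' => time() + $ttl] + session_cookie_options());
    }
}

// After a successful login, switch to a fresh session id (the old one is
// deleted); PHP sends the new cookie with the one-week lifetime set above.
function on_login(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId; // hypothetical key name
}

start_sliding_session();
```

Call start_sliding_session() before any output is sent, since both the ini settings and the cookie headers must precede the response body.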