I am using php session in my current slim 4 project like this
session_start();
$_SESSION['userinfo'] = [Some kind of user inform];
My session is getting expired every hour, I tried so many things to keep session alive for more than months like this
/*
Keep User Session Live
*/
// use cookies to store session IDs
ini_set('session.use_cookies', 1);
// use cookies only (do not send session IDs in URLs)
ini_set('session.use_only_cookies', 1);
// do not send session IDs in URLs
ini_set('session.use_trans_sid', 0);ini_set('session.gc_maxlifetime',60*60*24*365);
ini_set('session.gc_divisor', '1');
ini_set('session.gc_probability', '1');
ini_set('session.cookie_lifetime', 60*60*24*365);
A session in php is basically just a cookie with a default expiry time. Arent you better off setting a cookie instead? (That way you can set the age). A session timeout will be reset on every request to the “system”.
I “think” you can check a sessions timeout using phpinfo() (to make sure things like php.ini / htaccess aren’t forcing it)
Just fyi the setting needs to be set before you call session_start()
// use cookies to store session IDs
ini_set('session.use_cookies', 1);
// use cookies only (do not send session IDs in URLs)
ini_set('session.use_only_cookies', 1);
// do not send session IDs in URLs
ini_set('session.use_trans_sid', 0);ini_set('session.gc_maxlifetime',60*60*24*365);
ini_set('session.gc_divisor', '1');
ini_set('session.gc_probability', '1');
ini_set('session.cookie_lifetime', 60*60*24*365);
session_start();
//php 7 and higher
// This sends a persistent cookie that lasts a day.
session_start([
'cookie_lifetime' => 86400,
]);
PHP performs random garbage collection of outdated session data.
When a session opens, PHP will call the gc handler randomly according to the probability set by session.gc_probability / session.gc_divisor in php.ini . For example if these were set to 5/100 , it would mean a probability of 5%.
If the garbage collection handler is invoked, PHP will pass the value of session.gc_maxlifetime , meaning that any stored session that was saved more than gc_maxlifetime seconds ago should be deleted. This allows to expire records based on idle time.
However, some operating systems (e.g. Ubuntu/Debian) do their own session handling and set the session.gc_probability directive to 0 to stop PHP doing garbage collection.
You can configure these settings by passing gc_probability , gc_divisor and gc_maxlifetime
// The time in minutes the session should be valid for.
$timeout = 86400;
// The number of seconds after which data will be seen as
// "garbage" and potentially cleaned up
ini_set('session.gc_maxlifetime', 60 * $timeout);
// the probability that the garbage collector (GC) process is
// started on every session initialization.
// The probability is calculated by using gc_probability / gc_divisor,
// e.g. 1/100 means there is a 1% chance that the
// GC process will start on each request.
ini_set('session.gc_probability', '1');
ini_set('session.gc_divisor', '100');
You need to set your own session directory (session.save_path directive). Otherwise, any other PHP process running on the same machine can set a shorter expiration time and remove its data files together with yours.
Check the web server for a CRON job that cleans up session cookies.
This was already mentioned by @FvsJson, but you might try setting session.save_path to a different directory than PHP’s default. One way to see what the default path is by checking the return from session_save_path() .
You should not set session.gc_divisor and session.gc_probability to the same value. By using 1 for each of those you are triggering garbage collection every time you start a session. PHP’s session garbage collection is slow. Forcing it to run so often will make your site less responsive. The recommended value for session.gc_divisor is 100.