dsmgcse8876 2010-02-24 16:34
浏览 453
已采纳

服务器如何判断会话过期以及如何更改到期时间?

I understand that a session cookie can be given a lifetime (session.cookie_lifetime) and that after that lifetime the cookie expires regardless of whether a user interacts with the site.

I would therefore assume to set this to 0 to indicate they should stay live until the browser closes.

I also think I understand that the garbage collection lifetime (session.gc_maxlifetime) can be set for a cookie and that as long as a user does not exceed this time between their clicks then the cookie will remain active.

To test this out I've been trying to get a 10 second session timeout.

I tried:

ini_set('session.gc_maxlifetime',10);

but the session doesn't timeout after 1 minute at least.

Is this because I am only saying to the garbage collector that the session has a life of 10 seconds but I'm not actually triggering the garbage collector?

How do you set the garbage collector going or does it just run every time a session is requested?

  • 写回答

2条回答 默认 最新

  • douzhi8488 2010-02-24 16:56
    关注

    First of all, don't confuse cookie settings (which are client-side) and garbage collection (which is server-side). Cookie settings only affect the expiration of the session_id. Session data may still exist on the server even if the browser has removed the cookie and, on the contrary, the server can remove the data while the session_id is still remembered by the browser.

    The cookie can be set to expire when you close the browser or in a specific date and time (I believe the default option is the first one, but I'd have to check it). In both cases, if the user interacts with the site the cookie will remain valid since it's renewed on each response.

    Session data is removed when the garbage collection is launched but you must take into account that:

    1. The garbage collection is started randomly, triggered by a page request.

    2. It removes session data not modified in more that gc_maxlifetime seconds.

    3. By default, session data is stored in files and PHP doesn't track what site owns what files. That means that storing sessions in the default shared location makes you lose control on session expiration: the site that's configured to keep session data for the shortest time is likely to remove data from other sites with longer time.

    To sum up, if you want full control on your data lifetime you need to store session data in a private directory, e.g.:

    session_save_path('/home/foo/sessions');
    ini_set('session.gc_maxlifetime', 3*60*60); // 3 hours
    ini_set('session.use_only_cookies', TRUE);
    session_start();
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 C++使用Gunplot
  • ¥15 这个电路是如何实现路灯控制器的,原理是什么,怎么求解灯亮起后熄灭的时间如图?
  • ¥15 matlab数字图像处理频率域滤波
  • ¥15 在abaqus做了二维正交切削模型,给刀具添加了超声振动条件后输出切削力为什么比普通切削增大这么多
  • ¥15 ELGamal和paillier计算效率谁快?
  • ¥15 file converter 转换格式失败 报错 Error marking filters as finished,如何解决?
  • ¥15 Arcgis相交分析无法绘制一个或多个图形
  • ¥15 关于#r语言#的问题:差异分析前数据准备,报错Error in data[, sampleName1] : subscript out of bounds请问怎么解决呀以下是全部代码:
  • ¥15 seatunnel-web使用SQL组件时候后台报错,无法找到表格
  • ¥15 fpga自动售货机数码管(相关搜索:数字时钟)