session.cookie_lifetime
of 0 will keep the cookie till the browser restarts (basically for the entire session).
Setting your session.gc_maxlifetime
to such a high value will mean you will have many stale sessions on your server and this might be a issue if you have large numbers of sessions - typically sessions are stored in the system's /tmp folder. When this folder, typically on *nix machines, fills up it could cause problems on the machine - processes start locking up as they fail to create temporary files for whatever reason. (You can change the session.save_path
to something other than /tmp so you don't have this issue - especially on shared hosts).
Someone, though, with more experience in server configurations, may know that there are other timeouts like Apache and TCP settings that may trump this value no matter how high you create it.
I believe what you're basically asking is for a Remember Me
feature that will allow someone to log in without having to remember their Username/Password and remember the exact state (1 month session).
The Remember Me
feature can be implemented with a rotating authentication cookie that is set to the next token in a known series based on the user's login credentials.
The 1 month session feature can be implemented by storing the session's state in a persistent cache (file cache, database, something more elaborate like Toyko Tyrant).