ini_set('session.cookie_lifetime', 259200);
ini_set('session.gc_maxlifetime', 259200);
session_start();
I have the above bit of code included on every single page on my site. I want to keep the user logged in for three days after logging in, but if they visit the site before the expiry date, it keeps them alive for three more days. Basically, the session is kept alive three days from when they leave the site (and if they don't return within those three days).
I've noticed, however, that sessions are kept alive for about a day and then die despite the ini_set I have above. I considered that perhaps it was my webhost's php.ini, but it also does this on my local machine.
Is there some other ini_set call I can do to get my desired effect? These don't seem to work, although they do keep it alive for one day.
As the size of a session gets larger, you'll run into various quirks though: not sure about current version, but PHP 5.1.x was loading the whole session into memory at session_start(); with a 20 MB session and 50 concurrent users, your scripts start to be severely limited by disk access speeds (a.k.a. "script startup is slow as molasses" - the sessions alone are hogging a GB of RAM, you definitely don't want your server to start swapping out); in the end, we dedicated a box to keep as many sessions as possible in its RAM, and the frontend boxes accessed them over NFS (although it helped in our case, this may be overkill for you).
Note that for many concurrent users and session storage on disk, the number of session temporary files may cause problems with filesystem limits (e.g. how many files can be in one directory), or other limits (we once found the hard way that a box was configured to only allow 4096 open files at the same time). None of this is really session-specific, but can be triggered by session handling.