I am controlling the user session with a single config file, included in every page. I have login/logout option in my website.
I want to extend user's session destroy timeout to 1 year (even when a user close his browser, the session should be still there unless the user log's out the page).
i am using this to extend user session timeout value,
<?php
session_set_cookie_params(31556952);
ini_set('session.gc_maxlifetime',31556952);
session_start();
//my Other code like DB connections will come below.
?>
and in the PHP.ini
I have set session.gc_maxlifetime to 31556952
But this Doesn't affect anything, user session gets destroyed exactly at 120 second.
I have refered all the stackoverflow related questions but i didn't get any clue.
What would be the problem? any suggestions.
I thing you need to set session time along with set-cookie with same time duration.
I can think of a few things, but it could be caused by many things. You have validated the ini file to make sure everything is ok. I had an issue like this before, turns out I had 2 versions of PHP installed on the server. I was modifying the wrong ini file. Make sure the version of php you are using is the one belonging to the ini you are working with.
Sometimes performing the ini sets in the php file doesnt work for me. Never understood why. When this happens, adding records to the htaccess file to make sure apache is picking them up. session timeout in php code and in htaccess?
The final thing is a little more tricky to find. Try make 100% sure you arent destroying the session somewhere. The fact that it is a hard 120 seconds it would seem like it is the server, but make sure you aren't calling some script with ajax after 120 seconds and for some reason this script is killing the session.
There are a couple of things that might be messing you up
session.gc_maxlifetime and both scripts share the same save space for session data, then the lower value will prevail. If this is your situation, you should save sessions at a custom location so that whatever script is setting a lower lifetime will no longer conflict with this script. You can do that by calling ini_set('session.savepath',NEWPATH). For details, see the docs.session.gc_maxlifetime at run time has no effect. Your best bet is to alter it in you php.ini file. This has been reported here.In your shoes given that you want the session to last many months, I would probably rely on a database to store login cookies.