increase session timeout in php
PHP

How to Increase session timeout in PHP?

Write a Comment on How to Increase session timeout in PHP?

In this article, we are going to learn how to increase session timeout in PHP. If you have a question about how to increase session timeout in PHP then i will give a simple example with a solution.

What is PHP session timeout?

PHP session timeout is the duration during which a user’s session on a website remains active. If the session is inactive for longer then the specified timeout period, the session data is typically considered expired and can be removed by the server’s garbage collection process.

In PHP, Session are maintained to check if the user is active. When user becomes inactive and the user forgets to logout from the web page. By default, a session in PHP gets destroyed when the browser is closed.

For example, if  ‘session.gc_maxlifetime’ is set to ‘1440’ (24 minutes), the session data will be cleaned up if it has not been accessed within 24 minutes.

This setting determines how long the session cookie will be stores in the ‘user’s browser.

If this is set to ‘0’ , the session cookie will expire when the browser is closed, meaning the session ends when the close the browser.

session_start();
How to increase session timeout in PHP?
1. Understand about PHP Sessions

A PHP session provides a method to save data for multiple request.  This makes sessions very reliable when storing critical application data. PHP sessions are powerful feature that allow you to store and manage user-specific data across multiple pages of a web application. Unlike cookies, session data is stored on the server, enhancing security and allowing larger amount of data to be stored.

2. How Do PHP sesions work?
  1. Session start: When a session starts, PHP generate a unique session ID for the user. This ID is usually stored in a cookie on the user’s browser or passed via the URL.
  2. Storing Data: You can store data in the $_SESSION superglobal array.
  3. Session Management: PHP handles the storage and retrieval of session data on the server, saving it in temporary files.
  4. Session End: Sessions can be ended manually by the developer and autimatically after a period of inactivity.
Step 1: Determine the current session timeout value

Before not changing the PHP session timeout value, you need to determine the current value. The default session timeout duration 24 minutes. but it can be modifying the ‘session.gc.maxlifetime’ directive in your php.ini file. Let’see below example.

<?php
echo init_get("session.gc_maxlifetime")
?>

This code will output the current session timeout value.

Read also: PHP check if array is multidimensional or not

Step 2: Modify php.ini
  • The location can very depanding on your server setup.
  • Look for the session.gc.maxlifetime directive in the file.
  • Change the value to the desired session timeout duration in seconds. For example, to set the timeout to 1 hour and you can set 3600 seconds.
<?php
session.gc_maxlifetime = 3600
?>
  • Save the changes.
  • Restart your web server to apply the changes.
Step 3: Set in your PHP script

When you don’t have access to modify the php.ini file, you can set the session timeout in your PHP script using init_set function. Let’see below example.

index.php
<?php

/* Set session timeout to 1 hour (3600 seconds) */
init_Set('session.gc_maxlifetime', 3600);

/* Optionally, set session cookie lifetime */
init_set('session.cookie_lifetime', 3600);

/* Start the session */
session_start();
?>

Explanation:

  • The session.gc_maxlifetime setting is specified in seconds. Setting it to 3600 means the session data will remain active for 1 hour.
  • After updating php.ini, restart your web server (e.g., Apache or Nginx) for changes to take effect.
  • Setting session.cookie_lifetime t0 3600 ensures that the cookie storing the session ID remains valid on the client’s browser for 1 hour.
  • That this setting applies to all sessions on the server, so it will affect every PHP application running on the server.
Step 4: Increasing session lifetime

If your sessions are implemented with cookies, you can set an upper bound on the session duration by certain parameters. Below example should work like this.

// Server should keep session data for atleast 1 hour

init_set('session.gc_maxlifetime', 3600);

// Each user should remember their session id for exactly 1 hour

session_set_cookie_params(3600);

session_start(); // Ready to go
  • session.gc_maxliferime in php.ini: Adjusts the session timeout for all PHP applications on the server.
  • session.gc_maxlifetime in PHP code: Sets the timeout for a specific application or page.
  • session.cookie_lifetime: Extend the session duration on the client side, keeping the session cookie valid.
  • session_set_cookie_params(): Controls session cookie duration for each session individually.

I hope this tutorial help you.

Jasminkumar Borad

I'm a full-stack developer, enterpreneur and owner of webstuffsolution.com. I live in india and i like to write tutorial and tips that can help to other user. I like to share various programming language tips and solution. I believe in hardworking and consistency.
View All Articles

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *