Today's Question:  What weekend projects have you created?        GIVE A SHOUT

Technical Article => Web =>  PHP

Some tricks on PHP session

  Pi Ke      2015-03-13 07:05:37      10,663    4

1. Session timeout problem

There is a nuance we found with session timing out although the user is still active in the session.  The problem has to do with never modifying the session variable.

The GC will clear the session data files based on their last modification time.  Thus if you never modify the session, you simply read from it, then the GC will eventually clean up.

To prevent this you need to ensure that your session is modified within the GC delete time.  You can accomplish this like below.

if(!isset($_SESSION["last_access"]) || (time() - $_SESSION["last_access"]) >= 60) {
	$_SESSION["last_access"] = time();

This will update the session every 60s to ensure that the modification date is altered.

2. Session across various domains

Variations from Http://, Https:// and http://www. will throw off session data. If you want to share session across different subdomains, you can refer to Using PHP sessions across subdomains.

3. session.cookie_lifetime

 When setting the session.cookie_lifetime directive in a .htaccess use string format like;

php_value session.cookie_lifetime "123456"

but not

php_value session.cookie_lifetime 123456

Using an integer as stated above dit not work in my case (Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.5 with Suhosin-Patch mod_ssl/2.2.11 OpenSSL/0.9.8g)

4. session_destroy()

Remember that session_destroy() does not unset $_SESSION at the moment it is executed.  $_SESSION is unset when the current script has stopped running.

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

Note the data associated with $_SESSION will be deleted but the $_SESSION value itself will not be removed. See here for more details.

Note: This is a summarized article which uses the resource provided by visitors of PHP manual. The reference site is



Share on Facebook  Share on Twitter  Share on Google+  Share on Weibo  Share on Reddit  Share on Digg  Share on Tumblr    Delicious



jedisct1 [Reply]@ 2012-02-13 02:38:56
Or just don\'t. Use. Sessions. See:
Pi Ke [Reply]@ 2012-02-17 08:54:02
Yeah, I agree with you. Usually, for security reasons, we should avoid using session.
Heer [Reply]@ 2013-04-05 02:58:01
My question: is it possible to access same variable value more than one page without using session or cookie..?
Night walker [Reply]@ 2013-04-05 03:31:22
For server side, we can pass parameters as GET or POST request. You can also save variables in a flat file, but this is similar to the mechanism of session in PHP. For client side, I get to know that we can use in JavaScript to save variables.


The internet has a new 404 page

By sonic0002